GRANT
Grants permissions to an account.
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON priv_level
TO user [auth_option]
[WITH {GRANT OPTION}]Required parameters
| Parameter | Description |
|---|---|
priv_type |
The type of permission to grant. For a full list of supported permission types, see Permission model. |
priv_level |
The scope at which the permission applies. Valid values: *.* (cluster level), db_name.* (database level), db_name.table_name or table_name (table level), catalog <catalog_name> (external catalog level). |
Optional parameters
| Parameter | Description |
|---|---|
column_list |
A list of column names. Applicable only when priv_type is SELECT. Restricts the SELECT permission to the specified columns. |
WITH GRANT OPTION |
Allows the grantee to further grant the same permissions to other accounts. |
Usage notes
To grant permissions to other accounts, the account running the GRANT statement must have the GRANT OPTION permission.
Examples
Grant cluster-level permissions
Grant the cluster-level all permission to account2:
GRANT all ON *.* TO 'account2';account2 now has full permissions across the entire cluster.
Grant cluster-level data manipulation permissions to a new account:
GRANT insert,select,update,delete on *.* to 'test'@'%' identified by 'Testpassword1';This creates account test and grants it INSERT, SELECT, UPDATE, and DELETE permissions at the cluster level.
Grant database-level permissions
Grant the database-level all permission to account3:
GRANT all ON adb_demo.* TO 'account3';account3 now has full permissions on the adb_demo database.
Grant database-level data manipulation permissions to a new account:
GRANT insert,select,update,delete on adb_demo.* to 'test123' identified by 'Testpassword123';This creates account test123 and grants it INSERT, SELECT, UPDATE, and DELETE permissions on adb_demo.
Grant external catalog permissions
Grant the ACCESS permission on external catalog paimon_catalog to account4:
GRANT all ON catalog paimon_catalog TO 'account4'@'%';account4 now has full permissions on the paimon_catalog external catalog.
Grant column-level permissions
Grant the SELECT permission on specific columns to a new account:
GRANT select (customer_id, sex) ON customer TO 'test321' identified by 'Testpassword321';This creates account test321 and restricts its SELECT access to the customer_id and sex columns of the customer table.