All Products
Search
Document Center

GRANT

Last Updated: Apr 23, 2019

Authorize accounts

Syntax

  1. GRANT privilege_type
  2. ON privilege_level
  3. TO user[, …]

Parameters

  • privilege_type indicates the type of the permission. Valid values are SELECT, SHOW, ALTER, DROP, CREATE, INSERT, UPDATE, DELETE, GRANT OPTION, ALL, ALL PRIVILEGES, and USAGE.

    • Separate multiple types of permissions by commas (,), for example, SELECT,DELETE,UPDATE,INSERT,….

    • ALL and ALL PRIVILEGES grant all permissions to an account. In this case, other types of permissions granted to the account become invalid. GRANT OPTION is not included in ALL and must be granted in explicit mode.

    • GRANT OPTION grants the permissions of DCL statements. GRANT is used to grant permissions, and REVOKE is used to revoke the previously granted permissions. You can select GRANT OPTION for Privilege or run the WITH GRANT OPTION statement to grant the GRANT permission.

    • SELECT grants the permissions of the QUERY statements.

    • SHOW grants the permissions of the SHOW and USE statements. The statement logic is greatly different from the MySQL statement.

    • ALTER grants the permissions of the DDL ALTER statements or other DDL statements of the change type.

    • CREATE grants the permissions of the DDL CREATE statements.

    • DROP grants the permissions of the DDL DROP statements.

    • INSERT grants the permissions of the DML INSERT statements.

    • UPDATE grants the permissions of the DML UPDATE statements.

    • DELETE grants the permissions of the DML DELETE statements.

    • USAGE indicates that no permission is granted.

  • privilege_level indicates the level of the authorized object. To query the permission on a schema, enter schema_name.*. To query the permission on a table, enter table_name.

    • * indicates that permissions at the schema or database level are granted to a schema connected to the instance.

    • . indicates that global-level permissions are granted to all tables in all databases.

    • xxDb.* indicates that database-level permissions are granted to the schema or database.

    • xxDb.yyTable indicates that table-level permissions are granted to a table in the schema or database.

    • yyTable indicates that table-level permissions are granted to xxTable in xxDB connected to the instance.

    • Currently, field-level authorization is not supported.
  • user indicates the authorized account.

    • Only the DLA root account can grant permissions to other non-root accounts.

    • Non-root accounts cannot grant permissions to other accounts.

    • Permissions cannot be granted or revoked in cross-account mode.

    • The root account can run the SHOW GRANTS command to view only the permissions of other accounts under the same cloud account.

Example

To grant the ALL permission of the ots_account_test database to the account dla_test, run the following statement:

  1. grant all on ots_account_test.* to dla_test;