AnalyticDB for MySQL allows you to grant different permissions on different levels to implement permission control.
Permission levels
An AnalyticDB for MySQL cluster supports the following levels of permission control:
- GLOBAL: cluster-level permissions
- DB: database-level permissions
- TABLE: table-level permissions
- COLUMN: column-level (field) permissions
If you want a user to query the data of one specific column in a table, you can grant the SELECT permission on the column to the user. Example:
GRANT select (customer_id) ON customer TO 'test321'.
Operations and corresponding permissions
| Operation | Required permission | Supported permission level |
|---|---|---|
| SELECT | SELECT |
|
| INSERT | INSERT |
|
| INSERT...SELECT...FROM... |
|
|
| UPDATE | UPDATE |
|
| DELETE | DELETE |
|
| TRUNCATE TABLE | DROP |
|
| ALTER TABLE |
|
|
| CREATE DATABASE | CREATE | - |
| CREATE TABLE | CREATE |
|
| SHOW CREATE TABLE | SELECT |
|
| DROP DATABASE | DROP | DB |
| DROP TABLE | DROP |
|
| CREATE VIEW |
|
|
| DROP VIEW | DROP |
|
| SHOW CREATE VIEW |
|
|
| CREATE_PROCEDURE | CREATE_ROUTINE | - |
| DROP_PROCEDURE | ALTER_ROUTINE | - |
| CREATE_EVENT | EVENT | - |
| DROP_EVENT | EVENT | - |
| CREATE USER/DROP USER/RENAME USER | CREATE_USER | - |
| SET PASSWORD | SUPER | - |
| GRANT/REVOKE | GRANT | - |