AnalyticDB for MySQL allows you to grant different permissions on different levels to implement permission control.
Permission levels
An AnalyticDB for MySQL cluster supports the following levels of permission control:
- GLOBAL: cluster-level permissions
- DB: database-level permissions
- TABLE: table-level permissions
- COLUMN: column-level (field) permissions
If you want a user to query the data of one specific column in a table, you can grant the SELECT permission on the column to the user. Example:
GRANT select (customer_id) ON customer TO 'test321'
.
Operations and corresponding permissions
Operation | Required permission | Supported permission level |
---|---|---|
SELECT | SELECT |
|
INSERT | INSERT |
|
INSERT...SELECT...FROM... |
|
|
UPDATE | UPDATE |
|
DELETE | DELETE |
|
TRUNCATE TABLE | DROP |
|
ALTER TABLE |
|
|
CREATE DATABASE | CREATE | - |
CREATE TABLE | CREATE |
|
SHOW CREATE TABLE | SELECT |
|
DROP DATABASE | DROP | DB |
DROP TABLE | DROP |
|
CREATE VIEW |
|
|
DROP VIEW | DROP |
|
SHOW CREATE VIEW |
|
|
CREATE USER/DROP USER/RENAME USER | CREATE_USER | - |
SET PASSWORD | SUPER | - |
GRANT/REVOKE | GRANT | - |