AnalyticDB for MySQL allows you to grant different permissions on different levels to implement permission control.

Permission levels

An AnalyticDB for MySQL cluster supports the following levels of permission control:

  • GLOBAL: cluster-level permissions
  • DB: database-level permissions
  • TABLE: table-level permissions
  • COLUMN: column-level (field) permissions

    If you want a user to query the data of one specific column in a table, you can grant the SELECT permission on the column to the user. Example: GRANT select (customer_id) ON customer TO 'test321'.

Operations and corresponding permissions

Operation Required permission Supported permission level
SELECT SELECT
  • DB
  • TABLE
  • COLUMN
INSERT INSERT
  • DB
  • TABLE
  • COLUMN
INSERT...SELECT...FROM...
  • INSERT
  • SELECT
  • DB
  • TABLE
  • COLUMN
UPDATE UPDATE
  • DB
  • TABLE
  • COLUMN
DELETE DELETE
  • DB
  • TABLE
TRUNCATE TABLE DROP
  • DB
  • TABLE
ALTER TABLE
  • ALTER
  • INSERT
  • CREATE
  • DB
  • TABLE
CREATE DATABASE CREATE -
CREATE TABLE CREATE
  • DB
  • TABLE
SHOW CREATE TABLE SELECT
  • DB
  • TABLE
DROP DATABASE DROP DB
DROP TABLE DROP
  • DB
  • TABLE
CREATE VIEW
  • CREATE VIEW

    To execute the CREATE VIEW REPLACE statement, the DROP permission is also required in addition to the preceding permissions.

  • SELECT
  • DB
  • TABLE
DROP VIEW DROP
  • DB
  • TABLE
SHOW CREATE VIEW
  • SHOW VIEW
  • SELECT
  • DB
  • TABLE
CREATE_PROCEDURE CREATE_ROUTINE -
DROP_PROCEDURE ALTER_ROUTINE -
CREATE_EVENT EVENT -
DROP_EVENT EVENT -
CREATE USER/DROP USER/RENAME USER CREATE_USER -
SET PASSWORD SUPER -
GRANT/REVOKE GRANT -