Hologres provides three categories of SQL functions for managing account identities, copying table privileges, and checking whether a user holds a specific privilege on a database object.
| Category | Function | Description |
|---|---|---|
| Account management | USER_DISPLAY_NAME | Converts an account ID into an account name or RAM user name. |
| Account management | HG_DISPLAY_NAME_TO_ID | Converts an account name or RAM user name into an account ID. |
| Authorization | APPLY_PRIVILEGES | Copies the privileges granted on a source table to a destination table. |
| Permission query | HAS_ANY_COLUMN_PRIVILEGE | Checks whether a user holds specific privileges on all columns of a table. |
| Permission query | HAS_COLUMN_PRIVILEGE | Checks whether the current user holds specific privileges on a specified column. |
| Permission query | HAS_DATABASE_PRIVILEGE | Checks whether a user holds specific privileges on a database. |
| Permission query | HAS_FOREIGN_DATA_WRAPPER_PRIVILEGE | Checks whether a user holds specific privileges on a foreign data wrapper. |
| Permission query | HAS_FUNCTION_PRIVILEGE | Checks whether a user holds specific privileges on a function. |
| Permission query | HAS_LANGUAGE_PRIVILEGE | Checks whether a user holds specific privileges on a language. |
| Permission query | HAS_SCHEMA_PRIVILEGE | Checks whether a user holds specific privileges on a schema. |
| Permission query | HAS_SERVER_PRIVILEGE | Checks whether a user holds specific privileges on a foreign server. |
| Permission query | HAS_TABLE_PRIVILEGE | Checks whether a user holds specific privileges on a table. |
| Permission query | HAS_TABLESPACE_PRIVILEGE | Checks whether a user holds specific privileges on a tablespace. |
| Permission query | HAS_TYPE_PRIVILEGE | Checks whether a user holds specific privileges on a type. |
Account management functions
USER_DISPLAY_NAME
Converts the ID of an Alibaba Cloud account or RAM user into the corresponding display name.
Syntax
SELECT USER_DISPLAY_NAME(user_name);Parameters
| Parameter | Required | Description |
|---|---|---|
user_name |
Yes | The account ID. For an Alibaba Cloud account, this is a numeric string such as 13532241323xxx. For a RAM user, this is a string such as p4_23402030200xxx. |
Return value
Returns the display name as a string. For an Alibaba Cloud account, the display name is an email address, for example, xx@aliyun.com. For a RAM user, the display name follows the format RAM$mainaccount:subuser or RAM$public.
Example
-- Get the display name for an Alibaba Cloud account ID
SELECT USER_DISPLAY_NAME('13532241323xxx');HG_DISPLAY_NAME_TO_ID
Converts the display name of an Alibaba Cloud account or RAM user into the corresponding account ID.
Syntax
SELECT HG_DISPLAY_NAME_TO_ID(aliyun_id);Parameters
| Parameter | Required | Description |
|---|---|---|
aliyun_id |
Yes | The display name. For an Alibaba Cloud account, this is an email address such as xx@aliyun.com. For a RAM user, this is a string such as RAM$mainaccount:subuser or RAM$public. |
Return value
Returns the account ID as a string. For an Alibaba Cloud account, the ID is a numeric string such as 13532241323xxx. For a RAM user, the ID is a string such as p4_23402030200xxx.
Example
-- Get the account ID for a RAM user
SELECT HG_DISPLAY_NAME_TO_ID('RAM$main:subuser');Authorization function
APPLY_PRIVILEGES
Copies the Access Control List (ACL)-based authorization information and ownership from a source table to a destination table in the standard PostgreSQL authorization model. Use this function after creating a table with CREATE TABLE LIKE, INSERT OVERWRITE, or automatic partitioning, instead of manually re-granting privileges.
Syntax
-- Copy privileges without revoking existing privileges on the destination table
CALL APPLY_PRIVILEGES('<old_table>', '<new_table>', false);
-- Copy privileges and revoke all existing privileges on the destination table
CALL APPLY_PRIVILEGES('<old_table>', '<new_table>');Parameters
| Parameter | Required | Description |
|---|---|---|
old_table |
Yes | The name of the source table whose privileges are copied. |
new_table |
Yes | The name of the destination table that receives the copied privileges. |
| third argument | No | When set to false, existing privileges on the destination table are preserved. When omitted, existing privileges on the destination table are revoked before the copy. |
Limits
-
Requires Hologres V1.1.48 or later. To upgrade, see the "Manual upgrade" section in Upgrade instances, or join a DingTalk group for assisted upgrade by visiting Obtain online support for Hologres.
-
Requires the standard PostgreSQL authorization model. If the simple permission model (SPM) or the schema-level permission model (SLPM) is enabled, switch to the standard PostgreSQL authorization model first. See Switch between permission models.
-
Requires GRANT and REVOKE privileges on the destination table.
-
For partitioned tables, privileges are applied to the parent table only, not to child tables.
Example
-- Copy privileges from test_table1 to test_table2, keeping existing privileges on test_table2
CALL APPLY_PRIVILEGES('test_table1', 'test_table2', false);
-- Copy privileges from test_table1 to test_table2, revoking existing privileges on test_table2
CALL APPLY_PRIVILEGES('test_table1', 'test_table2');Permission query functions
All permission query functions return a boolean value: t (true) if the privilege is held, f (false) otherwise. The user parameter, where supported, accepts either a user name or a user ID. When omitted, the function checks privileges for the current user. Multiple privileges can be specified separated by commas (,).
Sample data
The examples in this section use a table named test, created as follows:
CREATE TABLE test (a INT);
INSERT INTO test (a) VALUES (1);
INSERT INTO test (a) VALUES (2);
INSERT INTO test (a) VALUES (3);HAS_ANY_COLUMN_PRIVILEGE
Checks whether the current user or a specified user holds specific privileges on all columns of a specified table.
Valid privileges: SELECT, INSERT, UPDATE, REFERENCES.
Syntax
HAS_ANY_COLUMN_PRIVILEGE([user, ] table, privilege)Parameters
| Parameter | Required | Description |
|---|---|---|
user |
No | The name or ID of the user. Defaults to the current user. |
table |
Yes | The name of the table. |
privilege |
Yes | One or more privileges, separated by commas. Valid values: SELECT, INSERT, UPDATE, REFERENCES. |
Example
SELECT HAS_ANY_COLUMN_PRIVILEGE('139699392458****', 'test', 'SELECT,INSERT,UPDATE,REFERENCES');Result:
has_any_column_privilege
--------------------------
tHAS_COLUMN_PRIVILEGE
Checks whether the current user holds specific privileges on a specified column.
Valid privileges: SELECT, INSERT, UPDATE, REFERENCES.
Syntax
HAS_COLUMN_PRIVILEGE(table, column, privilege)Parameters
| Parameter | Required | Description |
|---|---|---|
table |
Yes | The name of the table. |
column |
Yes | The name of the column. |
privilege |
Yes | One or more privileges, separated by commas. Valid values: SELECT, INSERT, UPDATE, REFERENCES. |
Example
SELECT HAS_COLUMN_PRIVILEGE('test', 'a', 'SELECT,INSERT,UPDATE,REFERENCES');Result:
has_column_privilege
----------------------
tHAS_DATABASE_PRIVILEGE
Checks whether a user holds specific privileges on a database.
Valid privileges: CREATE, TEMPORARY, TEMP.
Syntax
HAS_DATABASE_PRIVILEGE([user, ] database, privilege)Parameters
| Parameter | Required | Description |
|---|---|---|
user |
No | The name or ID of the user. Defaults to the current user. |
database |
Yes | The name of the database. |
privilege |
Yes | One or more privileges, separated by commas. Valid values: CREATE, TEMPORARY, TEMP. |
Example
-- Replace glz with the name of your database
SELECT HAS_DATABASE_PRIVILEGE('glz', 'CREATE,TEMPORARY,TEMP');Result:
has_database_privilege
------------------------
tHAS_FOREIGN_DATA_WRAPPER_PRIVILEGE
Checks whether a user holds specific privileges on a foreign data wrapper (FDW).
Valid privileges: USAGE.
Syntax
HAS_FOREIGN_DATA_WRAPPER_PRIVILEGE([user, ] fdw, privilege)Parameters
| Parameter | Required | Description |
|---|---|---|
user |
No | The name or ID of the user. Defaults to the current user. |
fdw |
Yes | The name or ID of the foreign data wrapper. |
privilege |
Yes | One or more privileges, separated by commas. Valid values: USAGE. |
Example
-- Replace dlf_fdw with the name of your foreign data wrapper
SELECT HAS_FOREIGN_DATA_WRAPPER_PRIVILEGE('dlf_fdw', 'USAGE');Result:
has_foreign_data_wrapper_privilege
------------------------------------
tHAS_FUNCTION_PRIVILEGE
Checks whether a user holds specific privileges on a function.
Valid privileges: EXECUTE.
Syntax
has_function_privilege([user, ] function, privilege)Parameters
| Parameter | Required | Description |
|---|---|---|
user |
No | The name or ID of the user. Defaults to the current user. |
function |
Yes | The name of the function. |
privilege |
Yes | One or more privileges, separated by commas. Valid values: EXECUTE. |
Example
SELECT has_function_privilege('now()', 'EXECUTE');Result:
has_function_privilege
------------------------
tHAS_LANGUAGE_PRIVILEGE
Checks whether a user holds specific privileges on a language.
Valid privileges: USAGE.
Syntax
HAS_LANGUAGE_PRIVILEGE([user, ] language, privilege)Parameters
| Parameter | Required | Description |
|---|---|---|
user |
No | The name or ID of the user. Defaults to the current user. |
language |
Yes | The name of the language. |
privilege |
Yes | One or more privileges, separated by commas. Valid values: USAGE. |
Example
SELECT HAS_LANGUAGE_PRIVILEGE('plpgsql', 'USAGE');Result:
has_language_privilege
------------------------
tHAS_SCHEMA_PRIVILEGE
Checks whether a user holds specific privileges on a schema.
Valid privileges: CREATE, USAGE.
Syntax
HAS_SCHEMA_PRIVILEGE([user, ] schema, privilege)Parameters
| Parameter | Required | Description |
|---|---|---|
user |
No | The name or ID of the user. Defaults to the current user. |
schema |
Yes | The name of the schema. |
privilege |
Yes | One or more privileges, separated by commas. Valid values: CREATE, USAGE. |
Example
SELECT HAS_SCHEMA_PRIVILEGE('public', 'CREATE,USAGE');Result:
has_schema_privilege
----------------------
tHAS_SERVER_PRIVILEGE
Checks whether a user holds specific privileges on a foreign server.
Valid privileges: USAGE.
Syntax
HAS_SERVER_PRIVILEGE([user, ] server, privilege)Parameters
| Parameter | Required | Description |
|---|---|---|
user |
No | The name or ID of the user. Defaults to the current user. |
server |
Yes | The name of the foreign server. |
privilege |
Yes | One or more privileges, separated by commas. Valid values: USAGE. |
Example
SELECT HAS_SERVER_PRIVILEGE('meta_warehouse_server', 'USAGE');Result:
has_server_privilege
----------------------
tHAS_TABLE_PRIVILEGE
Checks whether a user holds specific privileges on a table.
Valid privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE.
Syntax
HAS_TABLE_PRIVILEGE([user, ] table, privilege)Parameters
| Parameter | Required | Description |
|---|---|---|
user |
No | The name or ID of the user. Defaults to the current user. |
table |
Yes | The name of the table. |
privilege |
Yes | One or more privileges, separated by commas. Valid values: SELECT, INSERT, UPDATE, DELETE, TRUNCATE. |
Example
SELECT HAS_TABLE_PRIVILEGE('test', 'SELECT,INSERT');Result:
has_table_privilege
---------------------
tHAS_TABLESPACE_PRIVILEGE
Checks whether a user holds specific privileges on a tablespace.
Valid privileges: CREATE.
Syntax
HAS_TABLESPACE_PRIVILEGE([user, ] tablespace, privilege)Parameters
| Parameter | Required | Description |
|---|---|---|
user |
No | The name or ID of the user. Defaults to the current user. |
tablespace |
Yes | The name of the tablespace. |
privilege |
Yes | One or more privileges, separated by commas. Valid values: CREATE. |
Example
SELECT HAS_TABLESPACE_PRIVILEGE('pg_default', 'CREATE');Result:
has_tablespace_privilege
--------------------------
tHAS_TYPE_PRIVILEGE
Checks whether the current user or a specified user holds specific privileges on a specified type of object, such as tables, views, or sequences.
Syntax
HAS_TYPE_PRIVILEGE([user, ] type, privilege)Parameters
| Parameter | Required | Description |
|---|---|---|
user |
No | The name or ID of the user. Defaults to the current user. |
type |
Yes | The name of the object type. |
privilege |
Yes | One or more privileges, separated by commas. |
Example
SELECT HAS_TYPE_PRIVILEGE('test', 'USAGE');Result:
has_type_privilege
--------------------
t