Use GRANT to assign permissions to a user on a specific resource — a table, a database, or the entire cluster.
Applicable engines
GRANT is supported on all versions of LindormTable and LindormTSDB.
Prerequisites
Before you begin, ensure that you have:
The required permissions to run a GRANT statement. For details, see User and permission management.
Syntax
grant_permission_statement ::= GRANT privilege_definition ON resource_definition TO user_identifier
privilege_definition ::= ALL | READ | WRITE | ADMIN | TRASH | SYSTEM
resource_definition ::= GLOBAL | DATABASE identifier | SCHEMA identifier | TABLE identifier
Parameters
Permissions (privilege_definition)
| Permission | Description |
|---|---|
| ALL or ALL PRIVILEGE | All permissions on the resource, including READ, WRITE, ADMIN, and TRASH. |
| READ | Read permission on the resource. |
| WRITE | Write permission on the resource. |
| ADMIN | Administrator permissions on the resource. |
| TRASH | Delete permission on the resource. |
| SYSTEM | Cluster management permissions. Includes ADMIN at the GLOBAL level. |
ADMIN and SYSTEM behavior:
ADMIN is independent of READ and WRITE. A user granted ADMIN on a database cannot automatically read or write its tables — grant READ or WRITE on those tables explicitly.
SYSTEM cannot be granted on a specific database; it applies at the GLOBAL level only.
Resource levels (resource_definition)
Resource levels follow a scope hierarchy: GLOBAL > DATABASE (SCHEMA) > TABLE. A permission granted at a higher level covers all resources below it. For example, READ at the GLOBAL level lets the user read every table in every database.
| Resource level | LindormTable | LindormTSDB | Description |
|---|---|---|---|
| GLOBAL | Supported | Supported | Grants permissions across all databases and tables. |
| DATABASE | Supported | Supported | Grants permissions on a specific database. Equivalent to SCHEMA. |
| TABLE | Supported | Not supported | Grants permissions on a specific table. Not supported in LindormTSDB. |
We recommend that you do not grant permissions, especially the ALL PRIVILEGE permission, on resources of the GLOBAL level.
DATABASE vs. SCHEMA: LindormTable 2.5.3.3 and later support the DATABASE keyword. Earlier versions support only SCHEMA. Both keywords refer to the same resource and are interchangeable.
When specifying DATABASE, SCHEMA, or TABLE, include the identifier:
DATABASE default or SCHEMA default: the database named default
TABLE test: the table named test
TABLE db2.table2: the table table2 in database db2
User (user_identifier)
The user to receive the permissions.
Examples
Grant all permissions on a database
To let user1 perform any operation on db1:
GRANT ALL ON DATABASE db1 TO user1;
-- or, for LindormTable versions earlier than 2.5.3.3:
GRANT ALL ON SCHEMA db1 TO user1;
Grant specific permissions on a table
To make user2 an administrator of table2 in db2 (without granting read or write access):
GRANT ADMIN ON TABLE db2.table2 TO user2;
To let user3 write to table3 in the current database:
GRANT WRITE ON TABLE table3 TO user3;
Grant a permission at the global level
To let user4 read all tables across all databases:
GRANT READ ON GLOBAL TO user4;
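
To review a batch of GRANT statements against the rules above before running them, the following added example (not Lindorm code) parses each statement with the documented syntax and reports GLOBAL-level grants, SYSTEM on a non-GLOBAL resource, TABLE grants on LindormTSDB, and ADMIN grants that carry no READ or WRITE. The function names, the severity labels, and the restriction to unquoted identifiers are assumptions of this example.

```python
import re

# Grammar from the Syntax section; ALL PRIVILEGE is the alias listed in the permissions table.
# Assumption: identifiers and user names are unquoted word characters.
GRANT_RE = re.compile(
    r"^\s*GRANT\s+(ALL(?:\s+PRIVILEGE)?|READ|WRITE|ADMIN|TRASH|SYSTEM)\s+ON\s+"
    r"(?:(GLOBAL)|(DATABASE|SCHEMA|TABLE)\s+([\w.]+))\s+TO\s+(\w+)\s*;?\s*$",
    re.IGNORECASE,
)

def parse_grant(stmt):
    """Return (privilege, level, identifier, user), or None if stmt is outside the syntax."""
    m = GRANT_RE.match(stmt)
    if not m:
        return None
    priv = "ALL" if m.group(1).upper().startswith("ALL") else m.group(1).upper()
    level = (m.group(2) or m.group(3)).upper()
    level = "DATABASE" if level == "SCHEMA" else level  # same resource, two keywords
    return priv, level, m.group(4), m.group(5)

def lint_grant(stmt, engine="LindormTable"):
    """Return review findings for one GRANT statement (empty list = nothing to flag)."""
    parsed = parse_grant(stmt)
    if parsed is None:
        return ["error: not a GRANT statement in the documented syntax"]
    priv, level, ident, user = parsed
    findings = []
    if priv == "SYSTEM" and level != "GLOBAL":
        findings.append("error: SYSTEM applies at the GLOBAL level only")
    if level == "TABLE" and engine == "LindormTSDB":
        findings.append("error: TABLE-level grants are not supported in LindormTSDB")
    if level == "GLOBAL":
        sev = "high" if priv == "ALL" else "warn"  # severity labels are this example's choice
        findings.append(f"{sev}: {priv} at GLOBAL covers every database and table for {user}")
    if priv == "ADMIN" and level != "GLOBAL":
        findings.append(f"note: ADMIN alone gives {user} no READ or WRITE on {ident}")
    return findings

# Review input: the first two statements are this page's examples, the rest are constructed.
SAMPLE = [
    "GRANT ADMIN ON TABLE db2.table2 TO user2;",
    "GRANT READ ON GLOBAL TO user4;",
    "GRANT ALL PRIVILEGE ON GLOBAL TO app_user;",
    "GRANT SYSTEM ON DATABASE db1 TO ops_user;",
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(s, "->", lint_grant(s) or ["ok"])
```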