Data Control Language (DCL) consists of syntax for user role management and syntax for user permission management.

Syntax for user role management

In the SQL syntax supported by the ApsaraDB for Lindorm wide table engine, database users are used to define user roles. Syntax for defining a user role:
user_name ::=  identifier | string

Syntax for user permission management

The SQL syntax supported by the ApsaraDB for Lindorm wide table engine allows you to grant a user permissions on a schema or a table. If you do not specify a schema or table when you grant permissions to a user, the user is granted global permissions. The following table describes the permissions that you can grant.
Permission Description
READ Read permissions on a single table or on all tables in a schema.
WRITE Write permissions on a single table or on all tables in a schema.
ADMIN Administrator permissions on a single table or on all tables in a schema.
TRASH Delete permissions on a single table or on all tables in a schema.
SYSTEM System management permissions on a single table or on all tables in a schema. In most cases, the system management permissions are not granted to users.
NORMAL_USER Read and write permissions on a single table or on all tables in a schema.
ADMIN_USER Read, write, and administrator permissions on a single table or on all tables in a schema.
ADMIN_TRASH Read, write, administrator, and delete permissions on a single table or on all tables in a schema.
ALL Read, write, administrator, delete, and system management permissions on a single table or on all tables in a schema.