Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com> Co-authored-by: Lu, Huayi <luhuayi@huawei.com> Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
<a name="EN-US_TOPIC_0000001330808760"></a><a name="EN-US_TOPIC_0000001330808760"></a>
<h1 class="topictitle1">How Do I Grant Schema Permissions to a User?</h1>
<div id="body0000001330808760"><p id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_p727921318196">This section uses the query permission as an example to describe how to grant schema permissions (for more information, see <span id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_ph363413521358">"How Do I Grant Table Permissions to a User?" in <em id="EN-US_TOPIC_0000001330808760__i137211627123419">FAQs</em></span>). The following permission scopes are covered:</p>
<ul id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_ul49631528181910"><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li154565610310">Permission for a table in a schema</li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li15963162811198">Permission for all the tables in a schema</li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li109636288191">Permission for tables to be created in the schema</li></ul>
<p id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_p79321327998">Assume that there are users <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b629793423714">u1</strong> and <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b6161135193712">u2</strong>, and two schemas named after them. User <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b19946135610374">u2</strong> needs to access tables in schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b364159143714">u1</strong>.</p>
<p id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_p83747531191"><span><img id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_image2722192463418" src="figure/en-us_image_0000001381609457.png" title="Click to enlarge" class="imgResize"></span></p>
<p id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_p1992675371917"></p>
<ol id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_ol1594761512175"><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li194331127133712"><span>Connect to your database as <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b55813395380">dbadmin</strong>. Run the following statements to create users <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b458153913389">u1</strong> and <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1658193993812">u2</strong>. Two schemas will be created and named after the users by default.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen156514510565"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{password}'</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u2</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{password}'</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li17661019135715"><span>Create tables <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b15256122823913">u1.t1</strong> and <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1291315463391">u1.t2</strong> in schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1926314284395">u1</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen17411951525"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t2</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li147751018124419"><span>Grant the access permission of schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b101611057183910">u1</strong> to user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b0122155818393">u2</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen12850111794616"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">USAGE</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u2</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li185386414379"><a name="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li185386414379"></a><a name="en-us_topic_0000001239662887_li185386414379"></a><span>Grant user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b754315964014">u2</strong> the permission to query table <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b481201216408">u1.t1</strong> in schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b240911314403">u1</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen183301354194616"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u2</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li89842328507"><span>Start a new session and connect to the database as user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b2171182094014">u2</strong>. Verify that user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b141774201405">u2</strong> can query the <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b417717206403">u1.t1</strong> table but not the <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1378225014404">u1.t2</strong> table.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen222547115311"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t2</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_p1479412231442"><span><img id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_image81896201162" src="figure/en-us_image_0000001330488880.png"></span></p>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li19719925165212"><span>In the session started by user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b3960153634212">dbadmin</strong>, grant user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b920819566429">u2</strong> the permission to query all the tables in schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1542384316">u1</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen3511190185313"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">ALL</span><span class="w"> </span><span class="n">TABLES</span><span class="w"> </span><span class="k">IN</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u2</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li19640135718612"><span>In the session started by user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b730913724320">u2</strong>, verify that <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b9120348164319">u2</strong> can query all tables.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen2015015161571"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t2</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_p45814281874"><span><img id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_image196411131970" src="figure/en-us_image_0000001381728633.png"></span></p>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li153703571679"><span>In the session started by user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b189007124916">dbadmin</strong>, create table <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b152672894915">u1.t3</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen12324121189"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t3</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li13195113612813"><span>In the session started by user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b12212895012">u2</strong>, verify that user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1574701885018">u2</strong> does not have the query permission for <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b159141023185020">u1.t3</strong>. This indicates that user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b198601348504">u2</strong> has the permission to access all the existing tables in schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b135971200519">u1</strong>, but not tables created in the future.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen18446163317132"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t3</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_p15374294116"><span><img id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_image10803205614119" src="figure/en-us_image_0000001381889129.png"></span></p>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li398520110127"><span>In the session started by user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1568473334913">dbadmin</strong>, grant user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b6684233174913">u2</strong> the permission to query the tables to be created in schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b18684163316493">u1</strong>. Create table <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b875765074912">u1.t4</strong>.</span><p><div class="p" id="EN-US_TOPIC_0000001330808760__p68618382563"><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen1847863741311"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="k">DEFAULT</span><span class="w"> </span><span class="k">PRIVILEGES</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="k">IN</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">TABLES</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u2</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t4</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li72582301146"><span>In the session started by user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b3694133017515">u2</strong>, verify that user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1269420301514">u2</strong> can access table <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b199343965120">u1.t4</strong>, but does not have the permission to access <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1864518215218">u1.t3</strong>. To let the user access table <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1671844025320">u1.t3</strong>, grant the permission as described in step <a href="#EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li185386414379">4</a>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen19459152961712"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t4</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_p5461161911176"><span><img id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_image1916802771819" src="figure/en-us_image_0000001381808809.png"></span></p>
</p></li></ol>
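<p>The following statements are an added example, not part of the original procedure: run as <strong>dbadmin</strong>, they audit what user <strong>u2</strong> can reach in schema <strong>u1</strong> without opening a second session, and then withdraw the grants made in steps 3, 4, 6, and 10. The example assumes that the PostgreSQL-style functions <code>has_schema_privilege</code>, <code>has_table_privilege</code>, and <code>pg_get_userbyid</code> and the <code>pg_default_acl</code> catalog are available in this database.</p>

```sql
-- Added example (not from the original page). Run as dbadmin.
-- Assumes users u1/u2 and the tables in schema u1 from the steps above exist,
-- and that the PostgreSQL-compatible catalog functions used here are available.

-- 1. Schema-level access (step 3). Without USAGE on the schema,
--    table-level grants cannot be exercised by u2.
SELECT has_schema_privilege('u2', 'u1', 'USAGE') AS u2_has_usage_on_u1;

-- 2. Table-level access (steps 4 and 6). One row per ordinary table in
--    schema u1, showing its owner and whether u2 may SELECT from it.
SELECT c.relname                               AS table_name,
       pg_get_userbyid(c.relowner)             AS table_owner,
       has_table_privilege('u2', c.oid, 'SELECT') AS u2_can_select
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'u1'
  AND c.relkind = 'r'          -- ordinary tables only
ORDER BY c.relname;

-- 3. Default privileges (step 10). These entries decide what u2 receives
--    on tables created later; each entry applies only to objects created
--    by the role listed in creating_role.
SELECT pg_get_userbyid(d.defaclrole) AS creating_role,
       n.nspname                     AS schema_name,
       d.defaclobjtype               AS object_type,  -- 'r' = tables
       d.defaclacl                   AS default_acl
FROM pg_default_acl d
JOIN pg_namespace n ON n.oid = d.defaclnamespace
WHERE n.nspname = 'u1';

-- 4. Withdraw the access when u2 no longer needs it. Each REVOKE mirrors
--    one GRANT from the procedure; all three layers must be removed,
--    otherwise tables created later are still readable by u2.
REVOKE SELECT ON ALL TABLES IN SCHEMA u1 FROM u2;           -- steps 4 and 6
ALTER DEFAULT PRIVILEGES FOR ROLE u1 IN SCHEMA u1
    REVOKE SELECT ON TABLES FROM u2;                        -- step 10
REVOKE USAGE ON SCHEMA u1 FROM u2;                          -- step 3
```

<p>Rerun queries 1 to 3 after the <code>REVOKE</code> statements to confirm that no schema, table, or default privilege for <strong>u2</strong> remains.</p>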
</div>