Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Lu, Huayi <luhuayi@huawei.com> Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
<a name="EN-US_TOPIC_0000001239662887"></a><a name="EN-US_TOPIC_0000001239662887"></a>
<h1 class="topictitle1">How Do I Grant Schema Permissions to a User?</h1>
<div id="body0000001239662887"><p id="EN-US_TOPIC_0000001239662887__p727921318196">This section uses the query permission as an example to describe how to grant schema permissions to a user. For more information, see <span id="EN-US_TOPIC_0000001239662887__ph363413521358">"How Do I Grant Table Permissions to a User?" in FAQ.</span> You can grant:</p>
<ul id="EN-US_TOPIC_0000001239662887__ul49631528181910"><li id="EN-US_TOPIC_0000001239662887__li154565610310">Permission for a table in a schema</li><li id="EN-US_TOPIC_0000001239662887__li15963162811198">Permission for all the tables in a schema</li><li id="EN-US_TOPIC_0000001239662887__li109636288191">Permission for tables to be created in the schema</li></ul>
<p id="EN-US_TOPIC_0000001239662887__p79321327998">Assume that there are users <strong id="EN-US_TOPIC_0000001239662887__b629793423714">u1</strong> and <strong id="EN-US_TOPIC_0000001239662887__b6161135193712">u2</strong>, and two schemas named after them. User <strong id="EN-US_TOPIC_0000001239662887__b19946135610374">u2</strong> needs to access tables in schema <strong id="EN-US_TOPIC_0000001239662887__b364159143714">u1</strong>.</p>
<p id="EN-US_TOPIC_0000001239662887__p83747531191"><span><img id="EN-US_TOPIC_0000001239662887__image2722192463418" src="figure/en-us_image_0000001318546125.png" width="523.6875" height="492.635591" title="Click to enlarge" class="imgResize"></span></p>
<p id="EN-US_TOPIC_0000001239662887__p1992675371917"></p>
<ol id="EN-US_TOPIC_0000001239662887__ol1594761512175"><li id="EN-US_TOPIC_0000001239662887__li194331127133712"><span>Connect to your database as <strong id="EN-US_TOPIC_0000001239662887__b55813395380">dbadmin</strong>. Run the following statements to create users <strong id="EN-US_TOPIC_0000001239662887__b458153913389">u1</strong> and <strong id="EN-US_TOPIC_0000001239662887__b1658193993812">u2</strong>. Two schemas will be created and named after the users by default.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001239662887__screen156514510565"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{password}'</span><span class="p">;</span><span class="w"></span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u2</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{password}'</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001239662887__li17661019135715"><span>Create tables <strong id="EN-US_TOPIC_0000001239662887__b15256122823913">u1.t1</strong> and <strong id="EN-US_TOPIC_0000001239662887__b1291315463391">u1.t2</strong> in schema <strong id="EN-US_TOPIC_0000001239662887__b1926314284395">u1</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001239662887__screen17411951525"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span><span class="w"></span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t2</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001239662887__li147751018124419"><span>Grant the access permission of schema <strong id="EN-US_TOPIC_0000001239662887__b101611057183910">u1</strong> to user <strong id="EN-US_TOPIC_0000001239662887__b0122155818393">u2</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001239662887__screen12850111794616"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">USAGE</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u2</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001239662887__li185386414379"><a name="EN-US_TOPIC_0000001239662887__li185386414379"></a><a name="li185386414379"></a><span>Grant user <strong id="EN-US_TOPIC_0000001239662887__b754315964014">u2</strong> the permission to query table <strong id="EN-US_TOPIC_0000001239662887__b481201216408">u1.t1</strong> in schema <strong id="EN-US_TOPIC_0000001239662887__b240911314403">u1</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001239662887__screen183301354194616"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u2</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001239662887__li89842328507"><span>Start a new session and connect to the database as user <strong id="EN-US_TOPIC_0000001239662887__b2171182094014">u2</strong>. Verify that user <strong id="EN-US_TOPIC_0000001239662887__b141774201405">u2</strong> can query the <strong id="EN-US_TOPIC_0000001239662887__b417717206403">u1.t1</strong> table but not the <strong id="EN-US_TOPIC_0000001239662887__b1378225014404">u1.t2</strong> table.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001239662887__screen222547115311"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="p">;</span><span class="w"></span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t2</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001239662887__p1479412231442"><span><img id="EN-US_TOPIC_0000001239662887__image81896201162" src="figure/en-us_image_0000001318103277.png"></span></p>
</p></li><li id="EN-US_TOPIC_0000001239662887__li19719925165212"><span>In the session started by user <strong id="EN-US_TOPIC_0000001239662887__b3960153634212">dbadmin</strong>, grant user <strong id="EN-US_TOPIC_0000001239662887__b920819566429">u2</strong> the permission to query all the tables in schema <strong id="EN-US_TOPIC_0000001239662887__b1542384316">u1</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001239662887__screen3511190185313"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">ALL</span><span class="w"> </span><span class="n">TABLES</span><span class="w"> </span><span class="k">IN</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u2</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001239662887__li19640135718612"><span>In the session started by user <strong id="EN-US_TOPIC_0000001239662887__b730913724320">u2</strong>, verify that <strong id="EN-US_TOPIC_0000001239662887__b9120348164319">u2</strong> can query all tables.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001239662887__screen2015015161571"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="p">;</span><span class="w"></span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t2</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001239662887__p45814281874"><span><img id="EN-US_TOPIC_0000001239662887__image196411131970" src="figure/en-us_image_0000001318263369.png"></span></p>
</p></li><li id="EN-US_TOPIC_0000001239662887__li153703571679"><span>In the session started by user <strong id="EN-US_TOPIC_0000001239662887__b189007124916">dbadmin</strong>, create table <strong id="EN-US_TOPIC_0000001239662887__b152672894915">u1.t3</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001239662887__screen12324121189"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t3</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001239662887__li13195113612813"><span>In the session started by user <strong id="EN-US_TOPIC_0000001239662887__b12212895012">u2</strong>, verify that user <strong id="EN-US_TOPIC_0000001239662887__b1574701885018">u2</strong> does not have the query permission for <strong id="EN-US_TOPIC_0000001239662887__b159141023185020">u1.t3</strong>. This indicates that user <strong id="EN-US_TOPIC_0000001239662887__b198601348504">u2</strong> has the permission to access all the existing tables in schema <strong id="EN-US_TOPIC_0000001239662887__b135971200519">u1</strong>, but not tables created in the future.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001239662887__screen18446163317132"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t3</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001239662887__p15374294116"><span><img id="EN-US_TOPIC_0000001239662887__image10803205614119" src="figure/en-us_image_0000001318423893.png"></span></p>
</p></li><li id="EN-US_TOPIC_0000001239662887__li398520110127"><span>In the session started by user <strong id="EN-US_TOPIC_0000001239662887__b1568473334913">dbadmin</strong>, grant user <strong id="EN-US_TOPIC_0000001239662887__b6684233174913">u2</strong> the permission to query the tables to be created in schema <strong id="EN-US_TOPIC_0000001239662887__b18684163316493">u1</strong>. Create table <strong id="EN-US_TOPIC_0000001239662887__b875765074912">u1.t4</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001239662887__screen1847863741311"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="k">DEFAULT</span><span class="w"> </span><span class="k">PRIVILEGES</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="k">IN</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">TABLES</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u2</span><span class="p">;</span><span class="w"></span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t4</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001239662887__li72582301146"><span>In the session started by user <strong id="EN-US_TOPIC_0000001239662887__b3694133017515">u2</strong>, verify that user <strong id="EN-US_TOPIC_0000001239662887__b1269420301514">u2</strong> can access table <strong id="EN-US_TOPIC_0000001239662887__b199343965120">u1.t4</strong>, but does not have the permission to access <strong id="EN-US_TOPIC_0000001239662887__b1864518215218">u1.t3</strong>. To let the user access table <strong id="EN-US_TOPIC_0000001239662887__b1671844025320">u1.t3</strong>, grant the permission as described in step <a href="#EN-US_TOPIC_0000001239662887__li185386414379">4</a>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001239662887__screen19459152961712"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t4</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001239662887__p5461161911176"><span><img id="EN-US_TOPIC_0000001239662887__image1916802771819" src="figure/en-us_image_0000001268864780.png"></span></p>
</p></li></ol>
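<p>Added example, not part of the original FAQ: audit queries that <strong>dbadmin</strong> can run to confirm what <strong>u2</strong> can read in schema <strong>u1</strong> without opening a session as <strong>u2</strong>, followed by the statements that withdraw each grant made in the steps above. It assumes that the PostgreSQL-compatible functions <strong>has_schema_privilege</strong> and <strong>has_table_privilege</strong> and the catalogs <strong>pg_class</strong>, <strong>pg_namespace</strong>, <strong>pg_roles</strong> and <strong>pg_default_acl</strong> are available in your database; none of these names appear in the original page.</p>

```sql
-- Added example (assumes PostgreSQL-compatible catalogs and functions).
-- Run every statement as dbadmin.

-- 1. Schema level: without USAGE on u1, table grants alone are not enough
--    for u2 to reference u1.<table>.
SELECT has_schema_privilege('u2', 'u1', 'USAGE') AS u2_has_schema_usage;

-- 2. Table level: one row per ordinary table in schema u1, showing
--    whether u2 currently holds SELECT on it. A table created before the
--    default privileges were set (u1.t3 in the steps above) shows up here
--    as the gap to close or to leave closed on purpose.
SELECT c.relname                                  AS table_name,
       has_table_privilege('u2', c.oid, 'SELECT') AS u2_can_select
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'u1'
  AND c.relkind = 'r'
ORDER BY c.relname;

-- 3. Future tables: default privileges recorded for schema u1.
--    defaclobjtype = 'r' means the entry applies to tables; defaclacl
--    lists the grantees and the privileges they will receive.
SELECT r.rolname       AS for_role,
       n.nspname       AS in_schema,
       d.defaclobjtype AS object_type,
       d.defaclacl     AS default_acl
FROM pg_default_acl d
JOIN pg_roles r     ON r.oid = d.defaclrole
JOIN pg_namespace n ON n.oid = d.defaclnamespace
WHERE n.nspname = 'u1';

-- 4. Rollback: withdraw the access when u2 no longer needs it.
--    Each REVOKE mirrors one GRANT from the procedure.
--    Existing tables (steps 4 and 6):
REVOKE SELECT ON ALL TABLES IN SCHEMA u1 FROM u2;
--    Tables created in the future (step 10):
ALTER DEFAULT PRIVILEGES FOR ROLE u1 IN SCHEMA u1
    REVOKE SELECT ON TABLES FROM u2;
--    Schema access itself (step 3):
REVOKE USAGE ON SCHEMA u1 FROM u2;
```

<p>Rerun queries 1 to 3 after the rollback to confirm that no privilege for <strong>u2</strong> remains on schema <strong>u1</strong>.</p>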
</div>