vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/dws/umn/dws_03_0197.html
Lu, Huayi c5fcb46315 DWS UMN 801 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Lu, Huayi <luhuayi@huawei.com>
Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
2022-12-13 12:47:57 +00:00

234 lines
39 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000001318121861"></a><a name="EN-US_TOPIC_0000001318121861"></a>
<h1 class="topictitle1">How Do I Grant Table Permissions to a User?</h1>
<div id="body0000001318121861"><p id="EN-US_TOPIC_0000001318121861__p8060118">This section describes how to grant users the SELECT, INSERT, UPDATE, or full permissions for tables.</p>
<div class="section" id="EN-US_TOPIC_0000001318121861__section6335144512142"><h4 class="sectiontitle">Syntax</h4><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen6272205931311"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="err">{</span><span class="w"> </span><span class="err">{</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">INSERT</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">UPDATE</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">DELETE</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">TRUNCATE</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">REFERENCES</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">TRIGGER</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">ANALYZE</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">ANALYSE</span><span class="w"> </span><span class="err">}</span><span class="w"> </span><span class="p">[,</span><span class="w"> </span><span class="p">...]</span><span class="w"> </span>
<span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">ALL</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="k">PRIVILEGES</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="err">}</span><span class="w"></span>
<span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="err">{</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="k">table_name</span><span class="w"> </span><span class="p">[,</span><span class="w"> </span><span class="p">...]</span><span class="w"></span>
<span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">ALL</span><span class="w"> </span><span class="n">TABLES</span><span class="w"> </span><span class="k">IN</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="k">schema_name</span><span class="w"> </span><span class="p">[,</span><span class="w"> </span><span class="p">...]</span><span class="w"> </span><span class="err">}</span><span class="w"></span>
<span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="err">{</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="k">GROUP</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="n">role_name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">PUBLIC</span><span class="w"> </span><span class="err">}</span><span class="w"> </span><span class="p">[,</span><span class="w"> </span><span class="p">...]</span><span class="w"> </span>
<span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="k">GRANT</span><span class="w"> </span><span class="k">OPTION</span><span class="w"> </span><span class="p">];</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</div>
<div class="section" id="EN-US_TOPIC_0000001318121861__section16988155710145"><h4 class="sectiontitle">Scenario</h4><p id="EN-US_TOPIC_0000001318121861__p0961243191620">Assume there are users <strong id="EN-US_TOPIC_0000001318121861__b1495742114814">u1</strong>, <strong id="EN-US_TOPIC_0000001318121861__b966592164915">u2</strong>, <strong id="EN-US_TOPIC_0000001318121861__b1278294184910">u3</strong>, <strong id="EN-US_TOPIC_0000001318121861__b167251672493">u4</strong>, and <strong id="EN-US_TOPIC_0000001318121861__b8478943174817">u5</strong> and five schemas named after these users. Their permission requirements are as follows:</p>
<ul id="EN-US_TOPIC_0000001318121861__ul119581350201615"><li id="EN-US_TOPIC_0000001318121861__li19958115011163">User <strong id="EN-US_TOPIC_0000001318121861__b16371075515">u2</strong> is a read-only user and requires the SELECT permission for the <strong id="EN-US_TOPIC_0000001318121861__b9503111695116">u1.t1</strong> table.</li><li id="EN-US_TOPIC_0000001318121861__li56212531169">User <strong id="EN-US_TOPIC_0000001318121861__b441311918518">u3</strong> requires the SELECT permission for the <strong id="EN-US_TOPIC_0000001318121861__b1414519105114">u1.t1</strong> table.</li><li id="EN-US_TOPIC_0000001318121861__li1467613711716">User <strong id="EN-US_TOPIC_0000001318121861__b5798195065110">u3</strong> requires the UPDATE permission for the <strong id="EN-US_TOPIC_0000001318121861__b12799135095111">u1.t1</strong> table.</li><li id="EN-US_TOPIC_0000001318121861__li51011423181710">User <strong id="EN-US_TOPIC_0000001318121861__b1226215911527">u5</strong> requires the full permissions for the <strong id="EN-US_TOPIC_0000001318121861__b885817291523">u1.t1</strong> table.</li></ul>
<p id="EN-US_TOPIC_0000001318121861__p1188573118320"></p>
<p id="EN-US_TOPIC_0000001318121861__p95541310929"><span><img id="EN-US_TOPIC_0000001318121861__image173861411125" src="figure/en-us_image_0000001318300585.png" width="523.6875" height="334.79132400000003" title="Click to enlarge" class="imgResize"></span></p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001318121861__table1415046131512" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Permissions of the u1.t1 table</caption><thead align="left"><tr id="EN-US_TOPIC_0000001318121861__row20151369158"><th align="left" class="cellrowborder" valign="top" width="6.999999999999999%" id="mcps1.3.3.6.2.8.1.1"><p id="EN-US_TOPIC_0000001318121861__p3831151610205">User</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="6.999999999999999%" id="mcps1.3.3.6.2.8.1.2"><p id="EN-US_TOPIC_0000001318121861__p131511368154">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="57.999999999999986%" id="mcps1.3.3.6.2.8.1.3"><p id="EN-US_TOPIC_0000001318121861__p615114610154">GRANT Statement</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="6.999999999999999%" id="mcps1.3.3.6.2.8.1.4"><p id="EN-US_TOPIC_0000001318121861__p4187215942">Query</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="6.999999999999999%" id="mcps1.3.3.6.2.8.1.5"><p id="EN-US_TOPIC_0000001318121861__p131872156419">Insert</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="6.999999999999999%" id="mcps1.3.3.6.2.8.1.6"><p id="EN-US_TOPIC_0000001318121861__p6187111519419">Update</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="6.999999999999999%" id="mcps1.3.3.6.2.8.1.7"><p id="EN-US_TOPIC_0000001318121861__p161878151411">Delete</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001318121861__row76688271269"><td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.1 "><p id="EN-US_TOPIC_0000001318121861__p1883121622014">u1</p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.2 "><p id="EN-US_TOPIC_0000001318121861__p466812276267">Owner</p>
</td>
<td class="cellrowborder" valign="top" width="57.999999999999986%" headers="mcps1.3.3.6.2.8.1.3 "><p id="EN-US_TOPIC_0000001318121861__p4668152714268">-</p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.4 "><p id="EN-US_TOPIC_0000001318121861__p95137331946"><strong id="EN-US_TOPIC_0000001318121861__b1151314331748"></strong></p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.5 "><p id="EN-US_TOPIC_0000001318121861__p19513193312420"><strong id="EN-US_TOPIC_0000001318121861__b851319331243"></strong></p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.6 "><p id="EN-US_TOPIC_0000001318121861__p1851333319418"><strong id="EN-US_TOPIC_0000001318121861__b125137335418"></strong></p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.7 "><p id="EN-US_TOPIC_0000001318121861__p951317331418"><strong id="EN-US_TOPIC_0000001318121861__b15513193316418"></strong></p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001318121861__row16151146111513"><td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.1 "><p id="EN-US_TOPIC_0000001318121861__p135731945193313">u2</p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.2 "><p id="EN-US_TOPIC_0000001318121861__p15244154319332">Read-only user</p>
</td>
<td class="cellrowborder" valign="top" width="57.999999999999986%" headers="mcps1.3.3.6.2.8.1.3 "><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen183301354194616"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u2</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.4 "><p id="EN-US_TOPIC_0000001318121861__p594155716255"><strong id="EN-US_TOPIC_0000001318121861__b181266519461"></strong></p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.5 "><p id="EN-US_TOPIC_0000001318121861__p194633564268">x</p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.6 "><p id="EN-US_TOPIC_0000001318121861__p86682025271">x</p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.7 "><p id="EN-US_TOPIC_0000001318121861__p77901521122715">x</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001318121861__row91518661512"><td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.1 "><p id="EN-US_TOPIC_0000001318121861__p5831131611202">u3</p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.2 "><p id="EN-US_TOPIC_0000001318121861__p1815166131515">INSERT user</p>
</td>
<td class="cellrowborder" valign="top" width="57.999999999999986%" headers="mcps1.3.3.6.2.8.1.3 "><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen9983122811228"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">INSERT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u3</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.4 "><p id="EN-US_TOPIC_0000001318121861__p1094114579255">x</p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.5 "><p id="EN-US_TOPIC_0000001318121861__p5463175620267"><strong id="EN-US_TOPIC_0000001318121861__b16660115318462"></strong></p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.6 "><p id="EN-US_TOPIC_0000001318121861__p10668529276">x</p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.7 "><p id="EN-US_TOPIC_0000001318121861__p6790102116279">x</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001318121861__row115111671510"><td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.1 "><p id="EN-US_TOPIC_0000001318121861__p5831121612013">u4</p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.2 "><p id="EN-US_TOPIC_0000001318121861__p1458115641818">UPDATE user</p>
</td>
<td class="cellrowborder" valign="top" width="57.999999999999986%" headers="mcps1.3.3.6.2.8.1.3 "><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen15640113310412"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="p">,</span><span class="k">UPDATE</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u4</span><span class="p">;</span><span class="w"> </span>
</pre></div></td></tr></table></div>
</div>
<div class="notice" id="EN-US_TOPIC_0000001318121861__note18863417184113"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><p id="EN-US_TOPIC_0000001318121861__p1692082994116">The UPDATE permission must be granted together with the SELECT permission, or information leakage may occur.</p>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.4 "><p id="EN-US_TOPIC_0000001318121861__p394125762514"><strong id="EN-US_TOPIC_0000001318121861__b1143717555466"></strong></p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.5 "><p id="EN-US_TOPIC_0000001318121861__p1046315612266">x</p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.6 "><p id="EN-US_TOPIC_0000001318121861__p146687213271"><strong id="EN-US_TOPIC_0000001318121861__b14186132124711"></strong></p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.7 "><p id="EN-US_TOPIC_0000001318121861__p1779015211273">x</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001318121861__row1895816571917"><td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.1 "><p id="EN-US_TOPIC_0000001318121861__p88311616182016">u5</p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.2 "><p id="EN-US_TOPIC_0000001318121861__p495919510192">Super user</p>
</td>
<td class="cellrowborder" valign="top" width="57.999999999999986%" headers="mcps1.3.3.6.2.8.1.3 "><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen97221049142116"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">ALL</span><span class="w"> </span><span class="k">PRIVILEGES</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u5</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.4 "><p id="EN-US_TOPIC_0000001318121861__p094110575255"><strong id="EN-US_TOPIC_0000001318121861__b206172057104619"></strong></p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.5 "><p id="EN-US_TOPIC_0000001318121861__p646318569267"><strong id="EN-US_TOPIC_0000001318121861__b158251459134613"></strong></p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.6 "><p id="EN-US_TOPIC_0000001318121861__p2668225279"><strong id="EN-US_TOPIC_0000001318121861__b15826165917460"></strong></p>
</td>
<td class="cellrowborder" valign="top" width="6.999999999999999%" headers="mcps1.3.3.6.2.8.1.7 "><p id="EN-US_TOPIC_0000001318121861__p157901921202719"><strong id="EN-US_TOPIC_0000001318121861__b148271259204613"></strong></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="EN-US_TOPIC_0000001318121861__section19449123812912"><h4 class="sectiontitle">Procedure</h4><p id="EN-US_TOPIC_0000001318121861__p3936914164211">Perform the following steps to grant and verify permissions:</p>
<ol id="EN-US_TOPIC_0000001318121861__ol552482754710"><li id="EN-US_TOPIC_0000001318121861__li65241327164718"><span>Connect to your database as <strong id="EN-US_TOPIC_0000001318121861__b8635201418215">dbadmin</strong>. Run the following statements to create users <strong id="EN-US_TOPIC_0000001318121861__b955110581011">u1</strong> to <strong id="EN-US_TOPIC_0000001318121861__b3551458418">u5</strong>. Five schemas will be created and named after the users by default.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen252462716471"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{password}'</span><span class="p">;</span><span class="w"></span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u2</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{password}'</span><span class="p">;</span><span class="w"></span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u3</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{password}'</span><span class="p">;</span><span class="w"></span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u4</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{password}'</span><span class="p">;</span><span class="w"></span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u5</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{password}'</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</p></li></ol><ol start="2" id="EN-US_TOPIC_0000001318121861__ol1752410277472"><li id="EN-US_TOPIC_0000001318121861__li17661019135715"><span>Create table <strong id="EN-US_TOPIC_0000001318121861__b4235132113313">u1.t1</strong> in schema <strong id="EN-US_TOPIC_0000001318121861__b167806221037">u1</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen17411951525"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001318121861__li716313355586"><span>Insert two records to the table.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen1645711489584"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">VALUES</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">);</span><span class="w"></span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">VALUES</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">);</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001318121861__li1073163911505"><span>Grant schema permissions to users.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen082252375314"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">USAGE</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u2</span><span class="p">,</span><span class="n">u3</span><span class="p">,</span><span class="n">u4</span><span class="p">,</span><span class="n">u5</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001318121861__li12544143555116"><span>Grant user <strong id="EN-US_TOPIC_0000001318121861__b10124185518611">u2</strong> the permission to query the <strong id="EN-US_TOPIC_0000001318121861__b189354571562">u1.t1</strong> table.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen169285574564"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u2</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001318121861__li89842328507"><span>Start a new session and connect to the database as user <strong id="EN-US_TOPIC_0000001318121861__b157014158715">u2</strong>. Verify that user <strong id="EN-US_TOPIC_0000001318121861__b7238153813716">u2</strong> can query the <strong id="EN-US_TOPIC_0000001318121861__b7629440073">u1.t1</strong> table but cannot write to or modify the table.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen683611513586"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="p">;</span><span class="w"></span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">VALUES</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="mi">20</span><span class="p">);</span><span class="w"></span>
<span class="k">UPDATE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">SET</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="k">WHERE</span><span class="w"> </span><span class="n">c1</span><span class="w"> </span><span class="o">=</span><span class="mi">1</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001318121861__p1290384725717"><span><img id="EN-US_TOPIC_0000001318121861__image152762012824" src="figure/en-us_image_0000001318571169.png"></span></p>
</p></li><li id="EN-US_TOPIC_0000001318121861__li1269522105717"><span>In the session started by user <strong id="EN-US_TOPIC_0000001318121861__b8852133218811">dbadmin</strong>, grant permissions to users <strong id="EN-US_TOPIC_0000001318121861__b1647115481383">u3</strong>, <strong id="EN-US_TOPIC_0000001318121861__b129241849283">u4</strong>, and <strong id="EN-US_TOPIC_0000001318121861__b17591150989">u5</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen5981414847"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">INSERT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u3</span><span class="p">;</span><span class="w"> </span><span class="c1">-- Allow u3 to insert data.</span>
<span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="p">,</span><span class="k">UPDATE</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u4</span><span class="p">;</span><span class="w"> </span><span class="c1">-- Allow u4 to modify the table.</span>
<span class="k">GRANT</span><span class="w"> </span><span class="k">ALL</span><span class="w"> </span><span class="k">PRIVILEGES</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u5</span><span class="p">;</span><span class="w"> </span><span class="c1">-- Allow u5 to query, insert, modify, and delete table data.</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001318121861__li10513444"><span>Start a new session and connect to the database as user <strong id="EN-US_TOPIC_0000001318121861__b1662473561015">u3</strong>. Verify that user <strong id="EN-US_TOPIC_0000001318121861__b5624173571014">u3</strong> can query the <strong id="EN-US_TOPIC_0000001318121861__b5624203551018">u1.t1</strong> table but cannot query or modify the table.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen478995213149"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="p">;</span><span class="w"></span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">VALUES</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="mi">20</span><span class="p">);</span><span class="w"></span>
<span class="k">UPDATE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">SET</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="k">WHERE</span><span class="w"> </span><span class="n">c1</span><span class="w"> </span><span class="o">=</span><span class="mi">1</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001318121861__p17489184717143"><span><img id="EN-US_TOPIC_0000001318121861__image10219144916143" src="figure/en-us_image_0000001269695730.png"></span></p>
</p></li><li id="EN-US_TOPIC_0000001318121861__li1157371591518"><span>Start a new session and connect to the database as user <strong id="EN-US_TOPIC_0000001318121861__b9373728201115">u4</strong>. Verify that user <strong id="EN-US_TOPIC_0000001318121861__b037382871112">u4</strong> can modify and query the <strong id="EN-US_TOPIC_0000001318121861__b737314284117">u1.t1</strong> table, but cannot insert data to the table.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen12769173612157"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="p">;</span><span class="w"></span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">VALUES</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="mi">20</span><span class="p">);</span><span class="w"></span>
<span class="k">UPDATE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">SET</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="k">WHERE</span><span class="w"> </span><span class="n">c1</span><span class="w"> </span><span class="o">=</span><span class="mi">1</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001318121861__p1558073531516"><span><img id="EN-US_TOPIC_0000001318121861__image16806115910157" src="figure/en-us_image_0000001318295749.png"></span></p>
</p></li><li id="EN-US_TOPIC_0000001318121861__li9371543121611"><span>Start a new session and connect to the database as user <strong id="EN-US_TOPIC_0000001318121861__b4899725151210">u5</strong>. Verify that user <strong id="EN-US_TOPIC_0000001318121861__b1389952581214">u4</strong> can query, insert, modify, and delete data in the <strong id="EN-US_TOPIC_0000001318121861__b16899132521212">u1.t1</strong> table.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen156841114141717"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="p">;</span><span class="w"></span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">VALUES</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="mi">20</span><span class="p">);</span><span class="w"></span>
<span class="k">UPDATE</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="w"> </span><span class="k">SET</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="k">WHERE</span><span class="w"> </span><span class="n">c1</span><span class="w"> </span><span class="o">=</span><span class="mi">1</span><span class="p">;</span><span class="w"></span>
<span class="k">DELETE</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">u1</span><span class="p">.</span><span class="n">t1</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001318121861__p20820138121917"><span><img id="EN-US_TOPIC_0000001318121861__image188891393199" src="figure/en-us_image_0000001269536006.png"></span></p>
</p></li><li id="EN-US_TOPIC_0000001318121861__li712384222111"><span>In the session started by user <strong id="EN-US_TOPIC_0000001318121861__b10609141818178">dbadmin</strong>, execute the has_table_privilege function to query user permissions.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001318121861__screen112881353103017"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">pg_class</span><span class="w"> </span><span class="k">WHERE</span><span class="w"> </span><span class="n">relname</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'t1'</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001318121861__p1964818548215">Check the <strong id="EN-US_TOPIC_0000001318121861__b1431957121715">relacl</strong> column in the command output. <em id="EN-US_TOPIC_0000001318121861__i0886171481818">rolename</em><strong id="EN-US_TOPIC_0000001318121861__b1675252551815">=</strong><em id="EN-US_TOPIC_0000001318121861__i28864149185">xxxx/yyyy</em> indicates that <em id="EN-US_TOPIC_0000001318121861__i1388610144188">rolename</em> has the <em id="EN-US_TOPIC_0000001318121861__i188661411189">xxxx</em> permission on the table and the permission is obtained from <em id="EN-US_TOPIC_0000001318121861__i7887101414187">yyyy</em>.</p>
<p id="EN-US_TOPIC_0000001318121861__p74259226191">The following figure shows the command output.</p>
<p id="EN-US_TOPIC_0000001318121861__p75531624171912"><span><img id="EN-US_TOPIC_0000001318121861__image29011315399" src="figure/en-us_image_0000001364353761.png" width="523.6875" height="77.337372" title="Click to enlarge" class="imgResize"></span></p>
<ul id="EN-US_TOPIC_0000001318121861__ul16269183611445"><li id="EN-US_TOPIC_0000001318121861__li13269036164411"><strong id="EN-US_TOPIC_0000001318121861__b0181125261919">u1=arwdDxtA/u1</strong> indicates that <strong id="EN-US_TOPIC_0000001318121861__b178428553190">u1</strong> is the owner and has full permissions.</li><li id="EN-US_TOPIC_0000001318121861__li12691336174411"><strong id="EN-US_TOPIC_0000001318121861__b1597712152015">u2=r/u1</strong> indicates that <strong id="EN-US_TOPIC_0000001318121861__b186105602011">u2</strong> has the read permission.</li><li id="EN-US_TOPIC_0000001318121861__li1426913612449"><strong id="EN-US_TOPIC_0000001318121861__b10513152514204">u3=a/u1</strong> indicates that <strong id="EN-US_TOPIC_0000001318121861__b191437302204">u3</strong> has the insert permission.</li><li id="EN-US_TOPIC_0000001318121861__li426917367443"><strong id="EN-US_TOPIC_0000001318121861__b1855983510208">u4=rw/u1</strong> indicates that <strong id="EN-US_TOPIC_0000001318121861__b491173722011">u4</strong> has the read and update permissions.</li><li id="EN-US_TOPIC_0000001318121861__li8269193618443"><strong id="EN-US_TOPIC_0000001318121861__b16999184412207">u5=arwdDxtA/u1</strong> indicates that <strong id="EN-US_TOPIC_0000001318121861__b14906175062010">u5</strong> has full permissions.</li></ul>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dws_03_0110.html">Account, Password, and Permissions</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink