GRANT
description
The GRANT command is used to give the specified user or role a specified permission.
Syntax
GRANT privilege_list ON db_name[.tbl_name] TO user_identity [ROLE role_name]
GRANT privilege_list ON RESOURCE resource_name TO user_identity [ROLE role_name]
privilege_list is a comma-separated list of the permissions to grant. Currently, StarRocks supports the following permissions:
NODE_PRIV: Operational permissions on cluster nodes, including taking nodes offline and online. This permission is only granted to root users.
ADMIN_PRIV: All permissions except NODE_PRIV.
GRANT_PRIV: The permission to alter operational permissions, including creating and dropping users and roles, granting and revoking permissions, and setting passwords.
SELECT_PRIV: Read permissions on specified databases or tables.
LOAD_PRIV: Import permissions on specified databases or tables.
ALTER_PRIV: Schema change permissions on specified databases or tables.
CREATE_PRIV: Creation permissions on specified databases or tables.
DROP_PRIV: Deletion permissions on specified databases or tables.
USAGE_PRIV: Usage permissions on specified resources.
ALL and READ_WRITE from the previous permission set are converted to SELECT_PRIV, LOAD_PRIV, ALTER_PRIV, CREATE_PRIV, DROP_PRIV; READ_ONLY is converted to SELECT_PRIV.
Types of permissions:
1. Node permission: NODE_PRIV
2. Database and table permissions: SELECT_PRIV, LOAD_PRIV, ALTER_PRIV, CREATE_PRIV, DROP_PRIV
3. Resource permission: USAGE_PRIV
db_name[.tbl_name] supports the following three forms:
1. *.*: the permission applies to all databases and all tables in those databases
2. db.*: the permission applies to all tables in the specified database
3. db.tbl: the permission applies to the specified table in the specified database
The specified databases and tables do not need to exist yet.
resource_name supports the following two forms:
1. *: the permission applies to all resources
2. resource: the permission applies to the specified resource
The specified resources do not need to exist yet.
user_identity:
The syntax of user_identity is the same as in CREATE USER, and the user_identity must already have been created through CREATE USER. The host in user_identity can be a domain name. If it is, there may be a short one-minute delay before the permission takes effect.
Permissions may also be granted to a specified ROLE, which is created automatically if it does not exist.
example
Grant permission on all databases and tables to a user.
GRANT SELECT_PRIV ON *.* TO 'jack'@'%';
Grant permissions on a specified database and table to a user.
GRANT SELECT_PRIV,ALTER_PRIV,LOAD_PRIV ON db1.tbl1 TO 'jack'@'192.8.%';
Grant permission on all tables in a specified database to a role.
GRANT LOAD_PRIV ON db1.* TO ROLE 'my_role';
Grant permission on all resources to a user.
GRANT USAGE_PRIV ON RESOURCE * TO 'jack'@'%';
Grant permission on a specified resource to a user.
GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO 'jack'@'%';
Grant permission on a specified resource to a role.
GRANT USAGE_PRIV ON RESOURCE 'spark_resource' TO ROLE 'my_role';
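The following is an added example, not part of the StarRocks documentation: a small Python reviewer for GRANT statements in the syntax above. It expands the legacy aliases, classifies the scope form, and lists points a least-privilege review would question. Which conditions count as findings (the three high-impact privileges, wildcard scope, host '%') is an assumption of this example, as are the function and variable names.

```python
import re

# Legacy aliases and their expansion, as listed on this page.
RW = ["SELECT_PRIV", "LOAD_PRIV", "ALTER_PRIV", "CREATE_PRIV", "DROP_PRIV"]
LEGACY = {"ALL": RW, "READ_WRITE": RW, "READ_ONLY": ["SELECT_PRIV"]}
# Assumption of this example: privileges a reviewer should always look at.
HIGH_IMPACT = {"NODE_PRIV", "ADMIN_PRIV", "GRANT_PRIV"}

GRANT_RE = re.compile(
    r"^\s*GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<res>RESOURCE\s+)?(?P<obj>\S+)"
    r"\s+TO\s+(?P<to>.+?)\s*;?\s*$",
    re.IGNORECASE,
)

def review_grant(stmt):
    """Return (expanded privileges, scope, findings) for one GRANT statement."""
    m = GRANT_RE.match(stmt)
    if not m:
        raise ValueError("not a GRANT statement in the documented form: %r" % stmt)
    privs = []
    for name in m["privs"].split(","):
        name = name.strip().upper()
        privs.extend(LEGACY.get(name, [name]))
    obj = m["obj"].strip("'\"")
    if m["res"]:
        scope = "all resources" if obj == "*" else "one resource"
    elif obj == "*.*":
        scope = "all databases"
    elif obj.endswith(".*"):
        scope = "one database"
    elif "." in obj:
        scope = "one table"
    else:
        raise ValueError("object must be *.*, db.* or db.tbl: %r" % obj)
    findings = []
    risky = sorted(HIGH_IMPACT.intersection(privs))
    if risky:
        findings.append("high-impact privilege: " + ", ".join(risky))
    if scope.startswith("all "):
        findings.append("wildcard scope: " + scope)
    grantee = m["to"]
    if not grantee.upper().startswith("ROLE") and grantee.endswith("@'%'"):
        findings.append("host '%' matches any client address")
    return privs, scope, findings

if __name__ == "__main__":
    # Constructed sample statements in the syntax shown above.
    for s in ["GRANT ALL ON db1.* TO ROLE 'etl';",
              "GRANT ADMIN_PRIV ON *.* TO 'ops'@'%';"]:
        print(s, "->", review_grant(s))
```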
keyword
GRANT