grant

Syntax

grant(userId|groupId,accessType,[objs])

Arguments

userId | groupId is a string indicating a user name or a group name.

accessType is the privilege type or memory limit.

objs (optional) is a STRING scalar/vector indicating the objects that the priviledges specified by accessType applies to.

See the privilege table in User Access Control for the values that accessType and objs can take.

Details

  1. Grant a user or group with the specified privilege.

    You can grant a user DB_OWNER privilege while restricting the user to creating and managing databases with specific prefixes only. This cannot be removed by deny or revoke.

  2. Set the memory limit of a query result (when accessType = QUERY_RESULT_MEM_LIMIT) or the memory limit of a task group (when accessType = TASK_GROUP_MEM_LIMIT) for a user. Different from commands setMemLimitOfQueryResult and setMemLimitOfTaskGroupResult, grant only applies to the specified user (group is not supported). You can use revoke to remove the memory limit set with grant.

Administrators can grant users all privileges (accessType) through this command, but regular users, after having the relevant OWNER privileges, can only grant the following privileges through this command: TABLE_READ, TABLE_WRITE, TABLE_INSERT, TABLE_UPDATE, TABLE_DELETE, DB_READ, DB_WRITE, DB_INSERT, DB_UPDATE, DB_DELETE, DBOBJ_DELETE, DBOBJ_CREATE and VIEW_EXEC.

Examples

All members of the group "production" can read all tables in all databases:

grant(`production, TABLE_READ, "*")

All members of the group "research" can write to the table dfs://db1/t1:

grant(`research, TABLE_WRITE, "dfs://db1/t1")

All members of the group "research" can create tables in the databases dfs://db1 and dfs://db2:

grant("research", DBOBJ_CREATE, ["dfs://db1","dfs://db2"])

The user "AlexSmith" can create or delete databases:

grant("AlexSmith", DB_MANAGE)

The user "AlexSmith" can execute script:

grant("AlexSmith", SCRIPT_EXEC)

The user "AlexSmith" can test script:

grant("AlexSmith", TEST_EXEC)

Set the memory limit of query result to 4 GB for the user "AlexSmith".

grant("AlexSmith", QUERY_RESULT_MEM_LIMIT, 4)

Grant user "AlexSmith" the privilege to create and manage databases with prefix "dbxxx".

grant("AlexSmith", DB_OWNER, "dfs://db0*")