grant
Syntax
grant(userId|groupId,accessType,[objs])
Arguments
userId | groupId is a string indicating a user name or a group name.
accessType is the privilege type or memory limit.
objs (optional) is a STRING scalar/vector indicating the objects that the priviledges specified by accessType applies to.
See the privilege table in User Access Control for the values that accessType and objs can take.
Details
- Grant a user or group with the specified privilege.
You can grant a user DB_OWNER privilege while restricting the user to creating and managing databases with specific prefixes only. This cannot be removed by deny or revoke.
- Set the memory limit of a query result (when accessType =
QUERY_RESULT_MEM_LIMIT) or the memory limit of a task group (when
accessType = TASK_GROUP_MEM_LIMIT) for a user. Different from
commands setMemLimitOfQueryResult and setMemLimitOfTaskGroupResult,
grant
only applies to the specified user (group is not supported). You can userevoke
to remove the memory limit set withgrant
.
Administrators can grant users all privileges (accessType) through this command, but regular users, after having the relevant OWNER privileges, can only grant the following privileges through this command: TABLE_READ, TABLE_WRITE, TABLE_INSERT, TABLE_UPDATE, TABLE_DELETE, DB_READ, DB_WRITE, DB_INSERT, DB_UPDATE, DB_DELETE, DBOBJ_DELETE, DBOBJ_CREATE and VIEW_EXEC.
Examples
All members of the group "production" can read all tables in all databases:
grant(`production, TABLE_READ, "*")
All members of the group "research" can write to the table dfs://db1/t1:
grant(`research, TABLE_WRITE, "dfs://db1/t1")
All members of the group "research" can create tables in the databases dfs://db1 and dfs://db2:
grant("research", DBOBJ_CREATE, ["dfs://db1","dfs://db2"])
The user "AlexSmith" can create or delete databases:
grant("AlexSmith", DB_MANAGE)
The user "AlexSmith" can execute script:
grant("AlexSmith", SCRIPT_EXEC)
The user "AlexSmith" can test script:
grant("AlexSmith", TEST_EXEC)
Set the memory limit of query result to 4 GB for the user "AlexSmith".
grant("AlexSmith", QUERY_RESULT_MEM_LIMIT, 4)
Grant user "AlexSmith" the privilege to create and manage databases with prefix "dbxxx".
grant("AlexSmith", DB_OWNER, "dfs://db0*")