Yang, Tong 6182f91ba8 MRS component operation guide_normal 2.0.38.SP20 version
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-09 14:55:21 +00:00


<a name="mrs_01_24057"></a><a name="mrs_01_24057"></a>
<h1 class="topictitle1">ClickHouse User and Permission Management</h1>
<div id="body0000001092446216"><div class="section" id="mrs_01_24057__section134732263412"><h4 class="sectiontitle">User Permission Model</h4><p id="mrs_01_24057__p216051015420">ClickHouse user permission management enables unified management of users, roles, and permissions on each ClickHouse instance in the cluster. You can use the permission management module of the Manager UI to create users, create roles, and bind the ClickHouse access permissions. User permissions are controlled by binding roles to users.</p>
<p id="mrs_01_24057__p10125016105719">Resource management: <a href="#mrs_01_24057__table858112220269">Table 1</a> lists the resources supported by ClickHouse permission management.</p>
<p id="mrs_01_24057__p19132151719578">Resource permissions: <a href="#mrs_01_24057__table20282143414276">Table 2</a> lists the resource permissions supported by ClickHouse.</p>
<div class="tablenoborder"><a name="mrs_01_24057__table858112220269"></a><a name="table858112220269"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_24057__table858112220269" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Permission management objects supported by ClickHouse</caption><thead align="left"><tr id="mrs_01_24057__row1060410213269"><th align="left" class="cellrowborder" valign="top" width="37.46%" id="mcps1.3.1.5.2.4.1.1"><p id="mrs_01_24057__p196049210264">Resource</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="21.43%" id="mcps1.3.1.5.2.4.1.2"><p id="mrs_01_24057__p146041321262">Integration</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="41.11%" id="mcps1.3.1.5.2.4.1.3"><p id="mrs_01_24057__p76048219260">Remarks</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_24057__row360442182620"><td class="cellrowborder" valign="top" width="37.46%" headers="mcps1.3.1.5.2.4.1.1 "><p id="mrs_01_24057__p46043210263">Database</p>
</td>
<td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.1.5.2.4.1.2 "><p id="mrs_01_24057__p1260572102615">Yes (level 1)</p>
</td>
<td class="cellrowborder" valign="top" width="41.11%" headers="mcps1.3.1.5.2.4.1.3 "><p id="mrs_01_24057__p76051429264">-</p>
</td>
</tr>
<tr id="mrs_01_24057__row960517272615"><td class="cellrowborder" valign="top" width="37.46%" headers="mcps1.3.1.5.2.4.1.1 "><p id="mrs_01_24057__p12605129262">Table</p>
</td>
<td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.1.5.2.4.1.2 "><p id="mrs_01_24057__p1160518232618">Yes (level 2)</p>
</td>
<td class="cellrowborder" valign="top" width="41.11%" headers="mcps1.3.1.5.2.4.1.3 "><p id="mrs_01_24057__p3605622268">-</p>
</td>
</tr>
<tr id="mrs_01_24057__row1560522192619"><td class="cellrowborder" valign="top" width="37.46%" headers="mcps1.3.1.5.2.4.1.1 "><p id="mrs_01_24057__p060552172610">View</p>
</td>
<td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.1.5.2.4.1.2 "><p id="mrs_01_24057__p136051324265">Yes (level 2)</p>
</td>
<td class="cellrowborder" valign="top" width="41.11%" headers="mcps1.3.1.5.2.4.1.3 "><p id="mrs_01_24057__p1560515215269">Same as tables</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="mrs_01_24057__table20282143414276"></a><a name="table20282143414276"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_24057__table20282143414276" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Resource permission list</caption><thead align="left"><tr id="mrs_01_24057__row17301183412273"><th align="left" class="cellrowborder" valign="top" width="33.46%" id="mcps1.3.1.6.2.4.1.1"><p id="mrs_01_24057__p1430123413278">Resource</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="21.54%" id="mcps1.3.1.6.2.4.1.2"><p id="mrs_01_24057__p13011334142715">Available Permission</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="45%" id="mcps1.3.1.6.2.4.1.3"><p id="mrs_01_24057__p1807122544019">Remarks</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_24057__row030119340272"><td class="cellrowborder" valign="top" width="33.46%" headers="mcps1.3.1.6.2.4.1.1 "><p id="mrs_01_24057__p103011234192713">Database</p>
</td>
<td class="cellrowborder" valign="top" width="21.54%" headers="mcps1.3.1.6.2.4.1.2 "><p id="mrs_01_24057__p23011934102712">CREATE</p>
</td>
<td class="cellrowborder" valign="top" width="45%" headers="mcps1.3.1.6.2.4.1.3 "><p id="mrs_01_24057__p12807225114014">CREATE DATABASE/TABLE/VIEW/DICTIONARY</p>
</td>
</tr>
<tr id="mrs_01_24057__row730113422719"><td class="cellrowborder" valign="top" width="33.46%" headers="mcps1.3.1.6.2.4.1.1 "><p id="mrs_01_24057__p14301143416278">Table/View</p>
</td>
<td class="cellrowborder" valign="top" width="21.54%" headers="mcps1.3.1.6.2.4.1.2 "><p id="mrs_01_24057__p143016346273">SELECT/INSERT</p>
</td>
<td class="cellrowborder" valign="top" width="45%" headers="mcps1.3.1.6.2.4.1.3 "><p id="mrs_01_24057__p1780719254404">-</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="mrs_01_24057__section119238134364"><h4 class="sectiontitle">Prerequisites</h4><ul id="mrs_01_24057__ul16883222104420"><li id="mrs_01_24057__li388314220447">The ClickHouse and ZooKeeper services are running properly.</li><li id="mrs_01_24057__li1131475912441">Databases and tables in the cluster are created with the <strong id="mrs_01_24057__b2694330192214">ON CLUSTER</strong> statement, which ensures that the metadata of the database and table on each ClickHouse node is the same.</li></ul>
<div class="note" id="mrs_01_24057__note114185971811"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_24057__p3141659181817">After the permission is granted, it takes about 1 minute for the permission to take effect.</p>
</div></div>
</div>
<div class="section" id="mrs_01_24057__section1688472043712"><a name="mrs_01_24057__section1688472043712"></a><a name="section1688472043712"></a><h4 class="sectiontitle">Adding the ClickHouse Role</h4><ol id="mrs_01_24057__ol163115417381"><li id="mrs_01_24057__li1963114410388"><span>Log in to Manager and choose <strong id="mrs_01_24057__b0904132611249">System</strong> &gt; <strong id="mrs_01_24057__b6911132914247">Permission</strong> &gt; <strong id="mrs_01_24057__b1967163182419">Role</strong>. On the <strong id="mrs_01_24057__b11656125732415">Role</strong> page, click <strong id="mrs_01_24057__b235460132514">Create Role</strong>.</span><p><p id="mrs_01_24057__p125875209168"></p>
</p></li><li id="mrs_01_24057__li073130203811"><span>On the <strong id="mrs_01_24057__b1622717582352">Create Role</strong> page, specify <strong id="mrs_01_24057__b228184915309">Role Name</strong>. In the <strong id="mrs_01_24057__b1654910319311">Configure Resource Permission</strong> area, click the cluster name. On the service list page that is displayed, click the ClickHouse service.</span><p><p id="mrs_01_24057__p255918109487">Determine whether to create a role with ClickHouse administrator permission based on service requirements.</p>
<div class="note" id="mrs_01_24057__note09689489455"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="mrs_01_24057__ul148491335135213"><li id="mrs_01_24057__li11849113514524">The ClickHouse administrator has all the database operation permissions except the permissions to create, delete, and modify users and roles.</li><li id="mrs_01_24057__li107053378527">Only the built-in user <strong id="mrs_01_24057__b168893414204">clickhouse</strong> of ClickHouse has the permission to manage users and roles.</li></ul>
</div></div>
<ul id="mrs_01_24057__ul12348142734020"><li id="mrs_01_24057__li3349122724013">If yes, go to <a href="#mrs_01_24057__li9365913184120">3</a>.</li><li id="mrs_01_24057__li18910534409">If no, go to <a href="#mrs_01_24057__li13347154819413">4</a>.</li></ul>
<p id="mrs_01_24057__p10653161052014"></p>
</p></li><li id="mrs_01_24057__li9365913184120"><a name="mrs_01_24057__li9365913184120"></a><a name="li9365913184120"></a><span>Select <strong id="mrs_01_24057__b1369124116119">SUPER_USER_GROUP</strong> and click <strong id="mrs_01_24057__b470114121112">OK</strong>.</span></li><li id="mrs_01_24057__li13347154819413"><a name="mrs_01_24057__li13347154819413"></a><a name="li13347154819413"></a><span>Click <strong id="mrs_01_24057__b1965637203418">ClickHouse Scope</strong>. The ClickHouse database resource list is displayed. If you select <strong id="mrs_01_24057__b1530214662012">create</strong>, the role has the create permission on the database.</span><p><p id="mrs_01_24057__p1760715711237"></p>
<p id="mrs_01_24057__p153609519343">Determine whether to grant the permission based on the service requirements.</p>
<ul id="mrs_01_24057__ul9541114164214"><li id="mrs_01_24057__li154234184210">If yes, click <strong id="mrs_01_24057__b63441558163412">OK</strong>.</li><li id="mrs_01_24057__li19542144144219">If no, go to <a href="#mrs_01_24057__li17964516204412">5</a>.</li></ul>
</p></li><li id="mrs_01_24057__li17964516204412"><a name="mrs_01_24057__li17964516204412"></a><a name="li17964516204412"></a><span>Click the resource name and select the <em id="mrs_01_24057__i1819041102415">Database resource name to be operated</em>. On the displayed page, select <strong id="mrs_01_24057__b1577042713223">READ</strong> (SELECT permission) or <strong id="mrs_01_24057__b16961174116227">WRITE</strong> (INSERT permission) based on service requirements, and click <strong id="mrs_01_24057__b1448311514223">OK</strong>.</span><p><p id="mrs_01_24057__p1861105293715"></p>
</p></li></ol>
</div>
<div class="section" id="mrs_01_24057__section6798124218430"><h4 class="sectiontitle">Adding a User and Binding the ClickHouse Role to the User</h4><ol id="mrs_01_24057__ol1383271918547"><li id="mrs_01_24057__li1183214191540"><a name="mrs_01_24057__li1183214191540"></a><a name="li1183214191540"></a><span>Log in to Manager and choose <strong id="mrs_01_24057__b15838115104815">System</strong> &gt; <strong id="mrs_01_24057__b15849851484">Permission</strong> &gt; <strong id="mrs_01_24057__b985417574817">User</strong> and click <strong id="mrs_01_24057__b1986418518484">Create</strong>.</span></li><li id="mrs_01_24057__li0521154115455"><span>Select <strong id="mrs_01_24057__b6581153133212">Human-Machine</strong> for<strong id="mrs_01_24057__b367114123314"> User Type</strong> and set <strong id="mrs_01_24057__b250492711331">Password</strong> and <strong id="mrs_01_24057__b16182136193317">Confirm Password</strong> to the password of the user.</span><p><div class="note" id="mrs_01_24057__note1454394019318"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="mrs_01_24057__ul9156135863113"><li id="mrs_01_24057__li615715818314">Username: The username cannot contain hyphens (-). Otherwise, the authentication will fail.</li><li id="mrs_01_24057__li7693437163212">Password: The password cannot contain special characters $, ., and #. Otherwise, the authentication will fail.</li></ul>
</div></div>
</p></li><li id="mrs_01_24057__li766510438542"><span>In the <strong id="mrs_01_24057__b9294172720127">Role </strong>area, click <strong id="mrs_01_24057__b930162711129">Add</strong>. In the displayed dialog box, select a role with the ClickHouse permission and click <strong id="mrs_01_24057__b4301152701213">OK </strong>to add the role. Then, click <strong id="mrs_01_24057__b130216279127">OK</strong>.</span><p><p id="mrs_01_24057__p17868564419"></p>
</p></li><li id="mrs_01_24057__li13381199142"><span>Log in to the node where the ClickHouse client is installed and use the new username and password to connect to the ClickHouse service.</span><p><ul id="mrs_01_24057__ul153882054111619"><li id="mrs_01_24057__li23884541169">Run the following command to go to the client installation directory:<p id="mrs_01_24057__p1391573401519"><a name="mrs_01_24057__li23884541169"></a><a name="li23884541169"></a><strong id="mrs_01_24057__b16279617172517">cd /opt/</strong><em id="mrs_01_24057__i2279417132512">Client installation directory</em></p>
</li><li id="mrs_01_24057__li1366263191718">Run the following command to configure environment variables:<p id="mrs_01_24057__p14915123415151"><a name="mrs_01_24057__li1366263191718"></a><a name="li1366263191718"></a><strong id="mrs_01_24057__b20915203414157">source bigdata_env</strong></p>
</li><li id="mrs_01_24057__li1910333418475">If Kerberos authentication is enabled for the current cluster, run the following command to authenticate the current user. The user must have the permission to create ClickHouse tables. Therefore, you need to bind the corresponding role to the user. For details, see <a href="#mrs_01_24057__section1688472043712">Adding the ClickHouse Role</a>. If Kerberos authentication is disabled for the current cluster, skip this step.<ol type="a" id="mrs_01_24057__ol1866012514315"><li id="mrs_01_24057__li176608516311">Run the following command if it is an MRS 3.1.0 cluster:<p id="mrs_01_24057__p7682548193118"><a name="mrs_01_24057__li176608516311"></a><a name="li176608516311"></a><strong id="mrs_01_24057__b1021434712315">export CLICKHOUSE_SECURITY_ENABLED=true</strong></p>
</li><li id="mrs_01_24057__li68271257135"><strong id="mrs_01_24057__b06271142235">kinit </strong><em id="mrs_01_24057__i543618575313">User added in <a href="#mrs_01_24057__li1183214191540">1</a></em></li></ol>
</li><li id="mrs_01_24057__li183951616173115">Log in to the system as the new user.<p id="mrs_01_24057__p5404121783111"><a name="mrs_01_24057__li183951616173115"></a><a name="li183951616173115"></a><strong id="mrs_01_24057__b4725135816347">Cluster with Kerberos authentication enabled:</strong></p>
<p id="mrs_01_24057__p1456165281811"><strong id="mrs_01_24057__b725033842114">clickhouse client --host </strong><em id="mrs_01_24057__i17584103812118">IP address of the ClickHouse instance</em><strong id="mrs_01_24057__b1588111192014"> --multiline </strong><strong id="mrs_01_24057__b346184420125">--port </strong><em id="mrs_01_24057__i246104471216">ClickHouse port number</em> <strong id="mrs_01_24057__b7756175095920">--secure</strong></p>
<p id="mrs_01_24057__p7564321193213"><strong id="mrs_01_24057__b9549125112713">Cluster with Kerberos authentication disabled:</strong></p>
<p id="mrs_01_24057__p1470624819335"><strong id="mrs_01_24057__b454321274717">clickhouse client --host </strong><em id="mrs_01_24057__i1155441214471">IP address of the ClickHouse instance</em><strong id="mrs_01_24057__b155415124475"> --user </strong><em id="mrs_01_24057__i1755441219473">Username</em><strong id="mrs_01_24057__b18555101220475"> --password</strong><strong id="mrs_01_24057__b2555112154716"> --port </strong>9440 <strong id="mrs_01_24057__b1955741264715">--secure</strong></p>
<p id="mrs_01_24057__p433157193319"><em id="mrs_01_24057__i10174132115479">Enter the user password.</em></p>
<div class="note" id="mrs_01_24057__note1723453953613"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_24057__p1823511398363">In normal mode, log in as the default user, or as an administrator created using the open source capability provided by the ClickHouse community. Users created on FusionInsight Manager cannot be used.</p>
</div></div>
</li></ul>
</p></li></ol>
</div>
<div class="section" id="mrs_01_24057__section5311427122717"><h4 class="sectiontitle">Granting Permissions Using the Client in Abnormal Scenarios</h4><p id="mrs_01_24057__p923242412283">By default, the table metadata on each node of the ClickHouse cluster is the same. Therefore, the table information on a random ClickHouse node is collected on the permission management page of Manager. If the <strong id="mrs_01_24057__b85201416192515">ON CLUSTER</strong> statement is not used when databases or tables are created on some nodes, the resource may fail to be displayed during permission management, and permissions may not be granted to the resource. To grant permissions on the local table on a single ClickHouse node, perform the following steps on the background client.</p>
<div class="note" id="mrs_01_24057__note13821183423719"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_24057__p10822123483714">The following operations are performed based on the obtained roles, database or table names, and IP addresses of the node where the corresponding ClickHouseServer instance is located.</p>
<ul id="mrs_01_24057__ul6663103194414"><li id="mrs_01_24057__li7663143117447">You can log in to FusionInsight Manager and choose <strong id="mrs_01_24057__b57482463454">Cluster</strong> &gt; <strong id="mrs_01_24057__b19749646114512">Services</strong> &gt; <strong id="mrs_01_24057__b15749346134516">ClickHouse</strong> &gt; <strong id="mrs_01_24057__b147498466457">Instance</strong> to obtain the service IP address of the ClickHouseServer instance.</li><li id="mrs_01_24057__li7131103318447">The default system domain name is <strong id="mrs_01_24057__b134361946151311">hadoop.com</strong>. Log in to FusionInsight Manager and choose <strong id="mrs_01_24057__b058312588467">System</strong> &gt; <strong id="mrs_01_24057__b1058425874616">Permission</strong> &gt; <strong id="mrs_01_24057__b6584135864611">Domain and Mutual Trust</strong>. The value of <strong id="mrs_01_24057__b858418580465">Local Domain</strong> is the system domain name. Change the letters to lowercase letters when running a command.</li></ul>
</div></div>
</div>
<ol id="mrs_01_24057__ol86205115504"><li id="mrs_01_24057__li14621174714330"><span>Log in to the node where the ClickHouseServer instance is located as user <strong id="mrs_01_24057__b141535636625333">root</strong>.</span></li><li id="mrs_01_24057__li10408141903516"><a name="mrs_01_24057__li10408141903516"></a><a name="li10408141903516"></a><span>Run the following command to obtain the path of the <strong id="mrs_01_24057__b16815134215489">clickhouse.keytab</strong> file:</span><p><p id="mrs_01_24057__p2088093683711"><strong id="mrs_01_24057__b58285331372">ls ${BIGDATA_HOME}/FusionInsight_ClickHouse_*/install/FusionInsight-ClickHouse-*/clickhouse/keytab/clickhouse.keytab</strong></p>
</p></li><li id="mrs_01_24057__li10269200102512"><span>Log in to the node where the client is installed as the client installation user.</span></li><li id="mrs_01_24057__li4269903251"><span>Run the following command to go to the client installation directory:</span><p><p id="mrs_01_24057__p1526916017259"><strong id="mrs_01_24057__b426990122515">cd /opt/client</strong></p>
</p></li><li id="mrs_01_24057__li172699012517"><span>Run the following command to configure environment variables:</span><p><p id="mrs_01_24057__p172694017259"><strong id="mrs_01_24057__b16269180122520">source bigdata_env</strong></p>
<p id="mrs_01_24057__p447418615711">Run the following command if it is an MRS 3.1.0 cluster with Kerberos authentication enabled:</p>
<p id="mrs_01_24057__p164127411710"><strong id="mrs_01_24057__b1441254774">export CLICKHOUSE_SECURITY_ENABLED=true</strong></p>
</p></li><li id="mrs_01_24057__li1262061185015"><span>Run the following command to connect to the ClickHouseServer instance:</span><p><p id="mrs_01_24057__p0751909518">If Kerberos authentication is enabled for the current cluster, run the following command:</p>
<p id="mrs_01_24057__p31931843115020"><strong id="mrs_01_24057__b13140928143210">clickhouse client --host </strong><em id="mrs_01_24057__i1747813281329">IP address of the node where the ClickHouseServer instance is located </em><strong id="mrs_01_24057__b10509153171312">--user clickhouse/hadoop.</strong><em id="mrs_01_24057__i10857125381315">&lt;System domain name&gt;</em><strong id="mrs_01_24057__b495120220242"> --password </strong> <em id="mrs_01_24057__i1643954133819">clickhouse.keytab path obtained in <a href="#mrs_01_24057__li10408141903516">2</a></em><strong id="mrs_01_24057__b16618437193816"> --port </strong><em id="mrs_01_24057__i261035015215">ClickHouse port number</em> <strong id="mrs_01_24057__b1620818220433">--secure</strong></p>
<p id="mrs_01_24057__p1786816817513">If Kerberos authentication is disabled for the current cluster, run the following command:</p>
<p id="mrs_01_24057__p1120111012513"><strong id="mrs_01_24057__b2425115095017">clickhouse client --host </strong><em id="mrs_01_24057__i12425105010504">IP address of the node where the ClickHouseServer instance is located</em><strong id="mrs_01_24057__b74264505509"> --user clickhouse</strong> <strong id="mrs_01_24057__b1842685016502">--port </strong><em id="mrs_01_24057__i1042615012505">ClickHouse port number</em></p>
</p></li><li id="mrs_01_24057__li192118542431"><span>Run the following statement to grant permissions to a database:</span><p><p id="mrs_01_24057__p2990155520438">In the syntax for granting permissions, <em id="mrs_01_24057__i1378775301516">DATABASE</em> indicates the name of the target database, and <em id="mrs_01_24057__i1950935111618">role</em> indicates the target role.</p>
<p id="mrs_01_24057__p199718465293"><strong id="mrs_01_24057__b168599893020">GRANT</strong> <strong id="mrs_01_24057__b1514412483015">[</strong><strong id="mrs_01_24057__b17551316183016">ON CLUSTER</strong><em id="mrs_01_24057__i19556132115308"> cluster_name</em><strong id="mrs_01_24057__b7535134815300">]</strong> <em id="mrs_01_24057__i171322173114">privilege </em><strong id="mrs_01_24057__b11302016173117">ON</strong> <em id="mrs_01_24057__i979315116326">{DATABASE|TABLE}</em> <strong id="mrs_01_24057__b12742514133217">TO</strong><em id="mrs_01_24057__i9213183018327"> {user | role}</em></p>
<p id="mrs_01_24057__p2437340183216">For example, grant user <strong id="mrs_01_24057__b1485735212247">testuser</strong> the CREATE permission on database <strong id="mrs_01_24057__b13581682518">t2</strong>:</p>
<p id="mrs_01_24057__p1959884615339"><strong id="mrs_01_24057__b526132423419">GRANT CREATE ON </strong><em id="mrs_01_24057__i20751162512342">m2</em><strong id="mrs_01_24057__b13759152912346"> to </strong><em id="mrs_01_24057__i97601129183417">testuser</em><strong id="mrs_01_24057__b14759629123416">;</strong></p>
</p></li><li id="mrs_01_24057__li207441234145217"><span>Run the following commands to grant permissions on the table or view. In the following command, <em id="mrs_01_24057__i1952116122414">TABLE</em> indicates the name of the table or view to be operated, and <em id="mrs_01_24057__i258171632410">user</em> indicates the role to be operated.</span><p><p id="mrs_01_24057__p10270171013539">Run the following command to grant the query permission on tables in a database:</p>
<p id="mrs_01_24057__p34781149195219"><strong id="mrs_01_24057__b177241253193912">GRANT SELECT ON </strong><em id="mrs_01_24057__i0724653183920">TABLE </em><strong id="mrs_01_24057__b931245673913">TO</strong> <em id="mrs_01_24057__i1831572420354">user</em><strong id="mrs_01_24057__b831212565391"><em id="mrs_01_24057__i18312056183914">;</em></strong></p>
<p id="mrs_01_24057__p16808131285318">Run the following command to grant the write permission on tables in a database:</p>
<p id="mrs_01_24057__p1126120570524"><strong id="mrs_01_24057__b7567744409">GRANT INSERT ON </strong><em id="mrs_01_24057__i2972962401">TABLE </em><strong id="mrs_01_24057__b18348113583518">TO </strong><em id="mrs_01_24057__i193590351356">user</em><strong id="mrs_01_24057__b32371036132117">;</strong></p>
</p></li><li id="mrs_01_24057__li9593731145318"><span>Run the following command to exit the client:</span><p><p id="mrs_01_24057__p263091271511"><strong id="mrs_01_24057__b10233203814534">quit;</strong></p>
</p></li></ol>
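<p>The manual grant steps above, as an added example that is not part of the original guide: shell helpers that build the <strong>clickhouse/hadoop.</strong><em>&lt;System domain name&gt;</em> principal in lowercase and emit only the GRANT statements allowed by Table 2. The function names, the restriction of identifiers to letters, digits and underscores, the use of ClickHouse's <strong>db.*</strong> form for database-level grants, the <strong>SHOW GRANTS</strong> check, and all sample names are assumptions of this example.</p>

```shell
#!/bin/sh
# Added example (not from the MRS guide). All names used in the demo at the
# bottom (demo_db, local_events, demo_role) are constructed placeholders.

# Principal of the built-in clickhouse user: clickhouse/hadoop.<system domain>,
# with the domain forced to lowercase as the note in this section requires.
ch_principal() {
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    printf 'clickhouse/hadoop.%s\n' "$domain"
}

# Accept only plain identifiers, so a name can never break out of the
# backtick quoting used below. This is stricter than ClickHouse itself
# (assumption of this example); it also rejects hyphens, which the guide
# says break authentication for usernames.
valid_ident() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_grant PRIVILEGE DATABASE TABLE_OR_EMPTY GRANTEE
# Emits one GRANT statement restricted to the permissions in Table 2:
#   database level (empty table argument): CREATE
#   table/view level:                      SELECT or INSERT
# Returns 2 for a rejected identifier, 3 for a privilege outside Table 2.
build_grant() {
    priv=$1 db=$2 tbl=$3 grantee=$4
    valid_ident "$db" && valid_ident "$grantee" || return 2
    if [ -z "$tbl" ]; then
        [ "$priv" = "CREATE" ] || return 3
        printf 'GRANT %s ON `%s`.* TO `%s`;\n' "$priv" "$db" "$grantee"
    else
        valid_ident "$tbl" || return 2
        case "$priv" in
            SELECT|INSERT) ;;
            *) return 3 ;;
        esac
        printf 'GRANT %s ON `%s`.`%s` TO `%s`;\n' "$priv" "$db" "$tbl" "$grantee"
    fi
}

# Statement to run after the grant to confirm what the grantee now holds.
build_check() {
    valid_ident "$1" || return 2
    printf 'SHOW GRANTS FOR `%s`;\n' "$1"
}

# Demo with constructed values: print the principal and the statements to
# paste into the clickhouse client session opened in the steps above.
ch_principal "HADOOP.COM"
build_grant SELECT demo_db local_events demo_role
build_check demo_role
```

<p>Because the grant is issued without <strong>ON CLUSTER</strong>, it applies only to the node the client is connected to; run the emitted check statement on that same node.</p>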
</div>