vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/dws/dev/dws_04_0060.html
Lu, Huayi a24ca60074 DWS DEVELOPER 811 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Lu, Huayi <luhuayi@huawei.com>
Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
2023-01-19 13:37:49 +00:00

39 lines
7.4 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000001145494829"></a><a name="EN-US_TOPIC_0000001145494829"></a>
<h1 class="topictitle1">User Permission Setting</h1>
<div id="body8662426"><ul id="EN-US_TOPIC_0000001145494829__u4d00d0b1312f4bfd98f628d76c4c33a3"><li id="EN-US_TOPIC_0000001145494829__l0652cc2f872540b39dadf06043ecd992">To grant the permission for an object directly to a user, use <strong id="EN-US_TOPIC_0000001145494829__b2026814461488">GRANT</strong>.<p id="EN-US_TOPIC_0000001145494829__a628135a5c5974571b0acd1fc59b4de58">When permissions for a table or view in a schema are granted to a user or role, the <strong id="EN-US_TOPIC_0000001145494829__b115195191411">USAGE</strong> permission of the schema must be granted together. Otherwise, the user or role can only see the names of the objects but cannot actually access them.</p>
<p id="EN-US_TOPIC_0000001145494829__adb9ddeb1b84f4d24b84aa542852162b0">In the following example, permissions for the schema <strong id="EN-US_TOPIC_0000001145494829__b10238359161511">tpcds</strong> are first granted to the user <strong id="EN-US_TOPIC_0000001145494829__b86639991616">joe</strong>, and then the <strong id="EN-US_TOPIC_0000001145494829__b77501819161">SELECT</strong> permission for the <strong id="EN-US_TOPIC_0000001145494829__b1975842910164"><span id="EN-US_TOPIC_0000001145494829__en-us_topic_0155089864_text916711817457">tpcds.</span>web_returns</strong> table is also granted.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001145494829__s64816eb39e7440668aa6957718ad1d76"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">USAGE</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">tpcds</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">joe</span><span class="p">;</span><span class="w"></span>
<span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">tpcds</span><span class="p">.</span><span class="n">web_returns</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">joe</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</li><li id="EN-US_TOPIC_0000001145494829__l456bbf1fee3d4d1594d2a45d51fbc90c">Granting a role to a user allows the user to inherit the object permissions of the role.<ol id="EN-US_TOPIC_0000001145494829__oc749dfc1add84852a2272ede7caf28fe"><li id="EN-US_TOPIC_0000001145494829__la5bcc4c1d76c44c9bdad099c54b7df24">Create a role.<p id="EN-US_TOPIC_0000001145494829__af2ea164a79aa4220b190dd94db0c543f"><a name="EN-US_TOPIC_0000001145494829__la5bcc4c1d76c44c9bdad099c54b7df24"></a><a name="la5bcc4c1d76c44c9bdad099c54b7df24"></a>Create a role <strong id="EN-US_TOPIC_0000001145494829__b1293453148">lily</strong> and grant the system permission <strong id="EN-US_TOPIC_0000001145494829__b17938501410">CREATEDB</strong> to the role.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001145494829__s7856d481d99443708d10dd2956f4b065"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">lily</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="k">CREATEDB</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'password'</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</li><li id="EN-US_TOPIC_0000001145494829__l2ece061b2def4d5783e71606c8e98e06">To grant object permissions to a role, use <strong id="EN-US_TOPIC_0000001145494829__b16331297146">GRANT</strong>.<p id="EN-US_TOPIC_0000001145494829__a512f878317184178a38a66c02f46812e">For example, first grant permissions for the schema <strong id="EN-US_TOPIC_0000001145494829__b5229542111814">tpcds</strong> to the role <strong id="EN-US_TOPIC_0000001145494829__b677974919188">lily</strong>, and then grant the <strong id="EN-US_TOPIC_0000001145494829__b04261018191">SELECT</strong> permission of the <strong id="EN-US_TOPIC_0000001145494829__b854820851917"><span id="EN-US_TOPIC_0000001145494829__en-us_topic_0155089864_text3802194554914">tpcds.</span>web_returns</strong> table to <strong id="EN-US_TOPIC_0000001145494829__b1382561431919">lily</strong>.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001145494829__sfd7c911cc86147dcadd1c3f050bf3903"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">USAGE</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">tpcds</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">lily</span><span class="p">;</span><span class="w"></span>
<span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">tpcds</span><span class="p">.</span><span class="n">web_returns</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">lily</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
</li><li id="EN-US_TOPIC_0000001145494829__l2e777a3c72944fc59c31f79ba64a9d73">Grant the role permissions to a user.<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001145494829__s38cacaf50cc148a6931e151f65e35cbc"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="n">lily</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">joe</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
<div class="note" id="EN-US_TOPIC_0000001145494829__n7fa9e5c9d25c4fef93a37a193a2c2690"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000001145494829__abaeb9b5718604f858d9766e7114c9d72">When the permissions of a role are granted to a user, the attributes of the role are not transferred together.</p>
</div></div>
</li></ol>
</li><li id="EN-US_TOPIC_0000001145494829__l32faea1ba7b94871b9444985207b1771">To revoke user permissions, use <strong id="EN-US_TOPIC_0000001145494829__b12493771397">REVOKE</strong>.</li></ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dws_04_0053.html">Managing Users and Their Permissions</a></div>
</div>
</div>
View Git Blame Copy Permalink