OceanBase logo

OceanBase

A unified distributed database ready for your transactional, analytical, and AI workloads.

DEPLOY YOUR WAY

OceanBase Cloud

The best way to deploy and scale OceanBase

OceanBase Enterprise

Run and manage OceanBase on your infra

TRY OPEN SOURCE

OceanBase Community Edition

The free, open-source distributed database

OceanBase seekdb

Open source AI native search database

Customer Stories

Real-world success stories from enterprises across diverse industries.

View All
BY USE CASES

Mission-Critical Transactions

Global & Multicloud Application

Elastic Scaling for Peak Traffic

Real-time Analytics

Active Geo-redundancy

Database Consolidation

Resources

Comprehensive knowledge hub for OceanBase.

Blog

Live Demos

Training & Certification

Documentation

Official technical guides, tutorials, API references, and manuals for all OceanBase products.

View All
PRODUCTS

OceanBase Cloud

OceanBase Database

Tools

Connectors and Middleware

QUICK START

OceanBase Cloud

OceanBase Database

BEST PRACTICES

Practical guides for utilizing OceanBase more effectively and conveniently

Company

Learn more about OceanBase – our company, partnerships, and trust and security initiatives.

About OceanBase

Partner

Trust Center

Contact Us

International - English
中国站 - 简体中文
日本 - 日本語
Sign In
Start on Cloud

A unified distributed database ready for your transactional, analytical, and AI workloads.

DEPLOY YOUR WAY

OceanBase Cloud

The best way to deploy and scale OceanBase

OceanBase Enterprise

Run and manage OceanBase on your infra

TRY OPEN SOURCE

OceanBase Community Edition

The free, open-source distributed database

OceanBase seekdb

Open source AI native search database

Customer Stories

Real-world success stories from enterprises across diverse industries.

View All
BY USE CASES

Mission-Critical Transactions

Global & Multicloud Application

Elastic Scaling for Peak Traffic

Real-time Analytics

Active Geo-redundancy

Database Consolidation

Comprehensive knowledge hub for OceanBase.

Blog

Live Demos

Training & Certification

Documentation

Official technical guides, tutorials, API references, and manuals for all OceanBase products.

View All
PRODUCTS
OceanBase CloudOceanBase Database
ToolsConnectors and Middleware
QUICK START
OceanBase CloudOceanBase Database
BEST PRACTICES

Practical guides for utilizing OceanBase more effectively and conveniently

Learn more about OceanBase – our company, partnerships, and trust and security initiatives.

About OceanBase

Partner

Trust Center

Contact Us

Start on Cloud
编组
All Products
    • Databases
    • iconOceanBase Database
    • iconOceanBase Cloud
    • iconOceanBase Tugraph
    • iconInteractive Tutorials
    • iconOceanBase Best Practices
    • Tools
    • iconOceanBase Cloud Platform
    • iconOceanBase Migration Service
    • iconOceanBase Developer Center
    • iconOceanBase Migration Assessment
    • iconOceanBase Admin Tool
    • iconOceanBase Loader and Dumper
    • iconOceanBase Deployer
    • iconKubernetes operator for OceanBase
    • iconOceanBase Diagnostic Tool
    • iconOceanBase Binlog Service
    • Connectors and Middleware
    • iconOceanBase Database Proxy
    • iconEmbedded SQL in C for OceanBase
    • iconOceanBase Call Interface
    • iconOceanBase Connector/C
    • iconOceanBase Connector/J
    • iconOceanBase Connector/ODBC
    • iconOceanBase Connector/NET
icon

OceanBase Database

SQL - V4.0.0

  • Document overview
  • Overview
    • Overview
    • System architecture
    • Compatibility with MySQL
    • Limits
  • Get Started
    • Quick experience
    • Hands on for OceanBase SQL
      • Before you start
      • Basic SQL operations
    • Create a sample application
      • Connect to OceanBase Database by using a Python driver
      • Connect to OceanBase Database by using Go MySQL Driver
      • Connect a Java application to OceanBase Database
      • Connect a C application to OceanBase Database
    • Experience OceanBase advanced features
      • Experience scalable OLTP
        • Run the TPC-C benchmark test on OceanBase Database
        • Experience the hot row update capability of OceanBase Database
      • Experience operational OLAP
      • Experience parallel import and data compression
      • Experience the multitenancy feature
  • Develop
    • Connect to Oceanbase Database with client
      • Overview
      • Connect to OceanBase Database by using a MySQL client
      • Connect to OceanBase Database by using OBClient
      • Connect to OceanBase Database by using ODC
      • Connect Java applications to OceanBase Database
      • Connect to OceanBase Database by using Go MySQL Driver
      • Connect to OceanBase Database by using Unix ODBC
      • C application
        • OceanBase Connector/C
        • C API functions
        • Connect C applications to OceanBase Database
      • Connect Python applications to OceanBase Database
      • SpringBoot connection example
      • SpringBatch connection example
      • SpringJDBC connection example
      • SpringJPA connection example
      • Hibernate connection example
      • MyBatis connection example
      • Example of Database connection pool configuration
        • Overview of database connection pool configuration
        • Example of configuring a Tomcat connection pool
        • Example of configuring a C3P0 connection pool
        • Example of configuring a Proxool connection pool
        • Example of configuring a HiKariCP connection pool
        • Example of configuring a DBCP connection pool
        • CommonPool configuration example
        • Example of configuring a JDBC connection pool
    • Create and manage database objects
      • About DDL statements
      • View the currently connected database
      • Change the password of a user
      • Data type
        • General data types
        • Unsupported data types
      • Create and manage tables
        • About tables
        • Create a table
        • About auto-increment columns
        • About types of column constraints
        • About table structure modification
        • About table clearing
        • About table dropping
        • Flash back a dropped table
        • About table privileges
      • Create and manage partition tables
        • About partitioned tables
        • Create a partitioned table
        • Manage a partitioned table
        • Create a subpartitioned table
        • Manage a subpartitioned table
        • Partition routing
        • Indexes on partitioned tables
        • Suggestions on using partitioned tables
      • Create and manage indexes
        • About indexes
        • Create an index
        • Drop an index
      • Create and manage views
        • About views
        • Create a view
        • Modify a view
        • Delete a view
      • Create and manage sequences
        • About sequences
        • Create a sequence
        • Modify a sequence
        • Delete a sequence
    • Query
      • About queries
      • Single-table queries
      • Conditional queries
      • ORDER BY queries
      • GROUP BY queries
      • Use the LIMIT clause in queries
      • Query data from multiple tables
        • About multi-table join queries
        • INNER JOIN queries
        • OUTER JOIN queries
        • Subqueries
      • Use operators and functions in a query
        • Use arithmetic operators in queries
        • Use numerical functions in queries
        • Use string connectors in queries
        • Use string functions in queries
        • Use datetime functions in queries
        • Use type conversion functions in queries
        • Use aggregate functions in queries
        • Use NULL-related functions in queries
        • Use the CASE conditional operator in queries
        • Use the SELECT FOR UPDATE statement to lock query results
      • Execution plan
        • View an execution plan
        • Understand an execution plan
      • Use SQL hints in queries
      • Variables of query timeout
    • DML statements and transactions
      • DML statement
        • About DML statements
        • About the INSERT statement
        • UPDATE statements
        • About the DELETE statement
        • About the REPLACE INTO statement
      • Transactions
        • About transaction control statements
        • Start a transaction
        • Transaction savepoints
        • Commit a transaction
        • Roll back a transaction
        • About transaction timeout
    • Common errors and solutions
      • About error codes
      • Database connection error
      • About timeout
        • Idle session timeout
        • Transaction timeout errors
      • About user
        • Locked user
        • Incorrect user password
      • About table
        • Table already exists
        • Table does not exist
        • Invalid use of NULL value
      • About constraint
        • Unique key conflict
        • Foreign key conflict
      • About SQL commands
        • Data truncation
  • Deploy
    • Overview
    • On-premises deployment
      • Software and hardware requirements
      • Configuration before deployment
      • Deploy OceanBase Database online
      • Deploy OceanBase Database offline
    • Deploy OceanBase Database in a Kubernetes cluster
    • High availability deployment
      • Use Alibaba Otter to implement remote active-active disaster recovery
  • Migrate
    • Data Migration Overview
    • Migrate data from MySQL Database to OceanBase
      • Use Canal to synchronize MySQL data to OceanBase Database in real time
      • Use DataX to migrate MySQL data to OceanBase Database
      • Use DBCAT to migrate MySQL table schemas to OceanBase Database
      • Migrate MySQL table schemas to OceanBase Database by using mysqldump
      • Migrate MySQL table data to OceanBase Database by using mysqldump
    • Use OBDUMPER to export data from or OBLOADER to import data to OceanBase Database
    • Migrate data from CSV-file to OceanBase
      • Use DataX to load CSV data files to OceanBase Database
      • Use the LOAD DATA statement to load CSV data files to OceanBase Database
    • Migrate data from SQL files to OceanBase Database
    • Migrate data and resource units between tables
    • Migrate data from OceanBase Database to MySQL
      • Use Canal to synchronize OceanBase Database data to MySQL in real time

Download PDF

Document overview Overview System architecture Compatibility with MySQL Limits Quick experience Before you start Basic SQL operations Connect to OceanBase Database by using a Python driver Connect to OceanBase Database by using Go MySQL Driver Connect a Java application to OceanBase Database Connect a C application to OceanBase Database Experience operational OLAP Experience parallel import and data compression Experience the multitenancy feature Overview Connect to OceanBase Database by using a MySQL client Connect to OceanBase Database by using OBClient Connect to OceanBase Database by using ODC Connect Java applications to OceanBase Database Connect to OceanBase Database by using Go MySQL Driver Connect to OceanBase Database by using Unix ODBC Connect Python applications to OceanBase Database SpringBoot connection example SpringBatch connection example SpringJDBC connection example SpringJPA connection example Hibernate connection example MyBatis connection example About DDL statements View the currently connected database Change the password of a user About queries Single-table queries Conditional queries ORDER BY queries GROUP BY queries Use the LIMIT clause in queries Use SQL hints in queries Variables of query timeout About error codes Database connection error Overview Software and hardware requirements Configuration before deployment Deploy OceanBase Database online Deploy OceanBase Database offline Deploy OceanBase Database in a Kubernetes cluster Use Alibaba Otter to implement remote active-active disaster recovery Data Migration Overview Use Canal to synchronize MySQL data to OceanBase Database in real time Use DataX to migrate MySQL data to OceanBase Database Use DBCAT to migrate MySQL table schemas to OceanBase Database Migrate MySQL table schemas to OceanBase Database by using mysqldump Migrate MySQL table data to OceanBase Database by using mysqldump Use OBDUMPER to export data from or OBLOADER to import data to OceanBase Database Use DataX to load CSV data files to OceanBase Database Use the LOAD DATA statement to load CSV data files to OceanBase Database Migrate data from SQL files to OceanBase Database Migrate data and resource units between tables Use Canal to synchronize OceanBase Database data to MySQL in real time
OceanBase logo

The Unified Distributed Database for the AI Era.

Follow Us
Products
OceanBase CloudOceanBase EnterpriseOceanBase Community EditionOceanBase seekdb
Resources
DocsBlogLive DemosTraining & Certification
Company
About OceanBaseTrust CenterLegalPartnerContact Us
Follow Us

© OceanBase 2026. All rights reserved

Cloud Service AgreementPrivacy PolicySecurity
Contact Us
Document Feedback
  1. Documentation Center
  3. OceanBase Database
  5. SQL
  7. V4.0.0
iconOceanBase Database
SQL - V 4.0.0
SQL
KV
  • V 4.4.2
  • V 4.3.5
  • V 4.3.3
  • V 4.3.1
  • V 4.3.0
  • V 4.2.5
  • V 4.2.2
  • V 4.2.1
  • V 4.2.0
  • V 4.1.0
  • V 4.0.0
  • V 3.1.4 and earlier

About table privileges

Last Updated:2023-07-21 09:11:01  Updated
share
What is on this page
Grant privileges
Overview
Syntax
Parameters
Examples
Revoke privileges
Overview
Syntax
Parameters
Examples

folded

share

This topic describes how to grant and revoke table privileges.

Grant privileges

Overview

You can use the GRANT statement to grant privileges to other users as the system administrator.

Note

  • You can grant only the privileges that you have. For example, user1 attempts to grant the SELECT privilege on table tbl1 to user2. In this case, user1 must have the SELECT privilege on table tbl1 and the GRANT OPTION privilege.
  • After a user is granted a privilege, the privilege takes effect only after the user is reconnected to OceanBase Database.

Syntax

GRANT priv_type
    ON priv_level
    TO user_specification [, user_specification]...
     [WITH with_option ...]

priv_type:
      ALTER
    | CREATE
    | CREATE USER
    | CREATE VIEW
    | DELETE
    | DROP
    | GRANT OPTION
    | INDEX
    | INSERT
    | PROCESS
    | SELECT
    | SHOW DATABASES
    | SHOW VIEW
    | SUPER
    | UPDATE
    | USAGE

priv_level:
      *
    | *.*
    | database_name.*
    | database_name.table_name
    | table_name
    | database_name.rountine_name

user_specification:
user [IDENTIFIED BY [PASSWORD] 'password']

with_option:
 GRANT OPTION

Parameters

Parameter Description
priv_type The type of the privilege to be granted. For information about the specific privilege types and their description, see the following table. To grant multiple privileges to a user, separate the types with commas (,).
priv_level The level of the privilege to be granted. Privileges can be divided into the following levels:
  • Global: Privileges at this level apply to all databases. You can use the GRANT ALL ON *.* statement to grant global privileges.
  • Database level: Privileges at this level apply to all objects in a specified database. You can use the GRANT ALL ON db_name.* statement to grant database privileges.
  • Table level: Privileges at this level apply to all columns in a specified table. You can use the GRANT ALL ON database_name.table_name statement to grant table privileges.
If you replace table_name with an asterisk (*), privileges will be granted to all tables in the database.
user_specification Grants privileges to a specific user. If the user does not exist, you can directly create the user. When you grant privileges to multiple users, the usernames must be separated with commas (,).
user IDENTIFIED BY 'password' Displays the password in plaintext.
user IDENTIFIED BY PASSWORD 'password' Displays the password in ciphertext.
with_option Specifies whether to enable privilege delegation.

The following table lists the types of privileges that can be granted.

Privilege Note
ALL PRIVILEGES All privileges except GRANT OPTION.
ALTER The ALTER TABLE privilege.
CREATE The CREATE TABLE privilege.
CREATE USER The CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES privileges.
CREATE TABLEGROUP The global CREATE TABLEGROUP privilege.
DELETE The DELETE privilege.
DROP The DROP privilege.
GRANT OPTION The GRANT OPTION privilege.
INSERT The INSERT privilege.
SELECT The SELECT privilege.
UPDATE The UPDATE privilege.
SUPER The SET GLOBAL privilege for modifying global system parameters.
SHOW DATABASES The global SHOW DATABASES privilege.
INDEX The CREATE INDEX and DROP INDEX privileges.
CREATE VIEW The CREATE VIEW and DROP VIEW privileges.
SHOW VIEW The SHOW CREATE VIEW privilege.

Examples

  1. Grant all privileges to a user.

    1. Grant all privileges to the ny user.

      obclient> GRANT ALL PRIVILEGES ON *.* TO ny WITH GRANT OPTION;
Query OK, 0 rows affected

    2. View the privileges of the ny user.

      obclient> SHOW GRANTS FOR ny;
+-------------------------------------------------------+
| Grants for ny@%                                       |
+-------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'ny' WITH GRANT OPTION |
+-------------------------------------------------------+
1 row in set

  2. Grant a user all the privileges on a database.

    1. Grant the ny user all the privileges on the data_ny database.

      obclient> GRANT ALL PRIVILEGES ON data_ny.* to ny with GRANT OPTION;
Query OK, 0 rows affected (0.02 sec)

    2. View the privileges of the ny user on the data_ny database.

      obclient> SHOW GRANTS FOR ny;
+---------------------------------------------------------------+
| Grants for ny@%                                               |
+---------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ny'                                    |
| GRANT ALL PRIVILEGES ON `data_ny`.* TO 'ny' WITH GRANT OPTION |
+---------------------------------------------------------------+
2 rows in set

  3. Grant a user all the privileges on a table.

    1. Grant the ny user all the privileges on the dws_ny table in the data_ny database.

      obclient> GRANT ALL PRIVILEGES ON data_ny.dws_ny to ny with GRANT OPTION;
Query OK, 0 rows affected

    2. View the privileges of the ny user on the dws_ny table in the data_ny database.

      obclient> SELECT * FROM information_schema.TABLE_PRIVILEGES where TABLE_NAME='dws_ny';
+----------+---------------+--------------+------------+----------------+--------------+
| GRANTEE  | TABLE_CATALOG | TABLE_SCHEMA | TABLE_NAME | PRIVILEGE_TYPE | IS_GRANTABLE |
+----------+---------------+--------------+------------+----------------+--------------+
| 'ny'@'%' | def           | data_ny      | dws_ny     | ALTER          | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | CREATE         | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | DELETE         | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | DROP           | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | INSERT         | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | UPDATE         | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | SELECT         | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | INDEX          | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | CREATE VIEW    | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | SHOW VIEW      | YES          |
+----------+---------------+--------------+------------+----------------+--------------+
10 rows in set

      Note

      Both the root user and ny user can query the privileges on the dws_ny table in the TABLE_PRIVILEGES table.

Revoke privileges

Overview

You can use the REVOKE statement as the system administrator to revoke privileges from a user.

Usage notes:

  • The user must be granted the privileges to be revoked and the GRANT OPTION privilege. For example, if user1 wants to revoke the SELECT privilege on table t1 from user2, user1 must have the SELECT privilege on table t1.

  • To revoke the ALL PRIVILEGES and GRANT OPTION privileges, you must have the global GRANT OPTION privilege or the UPDATE and DELETE privileges on the table.

  • The revocation does not extend to dependent users. For example, if user1 has granted some privileges to user2, when the privileges of user1 are revoked, the privileges granted to user2 are not revoked.

Syntax

REVOKE priv_type
     ON database.table_name
     FROM 'user_name';

priv_type:
      ALTER
    | CREATE
    | CREATE USER
    | CREATE VIEW
    | DELETE
    | DROP
    | GRANT OPTION
    | INDEX
    | INSERT
    | PROCESS
    | SELECT
    | SHOW DATABASES
    | SHOW VIEW
    | SUPER
    | UPDATE
    | USAGE

Parameters

Parameter Description
priv_type The type of the privilege to be revoked. For information about the specific privilege types and their description, see the following table. Multiple privileges must be separated with commas (,).
database.table_name The name of the table in the database on which the privilege is to be revoked. If you replace database or table_name with an asterisk (*), operation privileges on all tables in the database will be revoked.
user_name The name of the user from which the privilege is to be revoked. Multiple usernames must be separated with commas (,).

The following table lists the privileges that can be revoked.

Privilege Note
ALL PRIVILEGES All privileges except GRANT OPTION.
ALTER The ALTER TABLE privilege.
CREATE The CREATE TABLE privilege.
CREATE USER The CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES privileges.
CREATE TABLEGROUP The global CREATE TABLEGROUP privilege.
DELETE The DELETE privilege.
DROP The DROP privilege.
GRANT OPTION The GRANT OPTION privilege.
INSERT The INSERT privilege.
SELECT The SELECT privilege.
UPDATE The UPDATE privilege.
SUPER The SET GLOBAL privilege for modifying global system parameters.
SHOW DATABASES The global SHOW DATABASES privilege.
INDEX The CREATE INDEX and DROP INDEX privileges.
CREATE VIEW The CREATE VIEW and DROP VIEW privileges.
SHOW VIEW The SHOW CREATE VIEW privilege.

Note

Currently, all users in the SYS tenant can execute the CHANGE EFFECTIVE TENANT statement to revoke privileges of specified users in business tenants.

Examples

  1. Revoke the UPDATE privilege from a user.

    1. Revoke the UPDATE privilege on the dws_ny table in the data_ny database from the ny user.

      obclient> revoke update on data_ny.dws_ny from ny;
Query OK, 0 rows affected

    2. View the current privileges of the ny user on the dws_ny table in the data_ny database.

      obclient> select * from information_schema.TABLE_PRIVILEGES where TABLE_NAME='dws_ny';
+----------+---------------+--------------+------------+----------------+--------------+
| GRANTEE  | TABLE_CATALOG | TABLE_SCHEMA | TABLE_NAME | PRIVILEGE_TYPE | IS_GRANTABLE |
+----------+---------------+--------------+------------+----------------+--------------+
| 'ny'@'%' | def           | data_ny      | dws_ny     | ALTER          | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | CREATE         | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | DELETE         | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | DROP           | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | INSERT         | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | SELECT         | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | INDEX          | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | CREATE VIEW    | YES          |
| 'ny'@'%' | def           | data_ny      | dws_ny     | SHOW VIEW      | YES          |
+----------+---------------+--------------+------------+----------------+--------------+
9 rows in set

      Note

      Both the root user and ny user can query the privileges on the dws_ny table in the TABLE_PRIVILEGES table.

  2. Revoke the UPDATE privilege on a database from a user.

    1. Revoke the UPDATE privilege on the dws_ny table in the data_ny database from the ny user.

      obclient> revoke update on data_ny.* from ny;
Query OK, 0 rows affected

    2. View the current privileges of the ny user on the data_ny database.

      obclient> SHOW GRANTS FOR ny;
+----------------------------------------------------------------------------------------------------------------------------------+
| Grants for ny@%                                                                                                                  |
+----------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ny'                                                                                                       |
| GRANT ALTER, CREATE, DELETE, DROP, INSERT, SELECT, INDEX, CREATE VIEW, SHOW VIEW ON `data_ny`.* TO 'ny' WITH GRANT OPTION        |
| GRANT ALTER, CREATE, DELETE, DROP, INSERT, SELECT, INDEX, CREATE VIEW, SHOW VIEW ON `data_ny`.`dws_ny` TO 'ny' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------+
3 rows in set

  3. Revoke the UPDATE privilege from a user.

    1. Revoke the UPDATE privilege from the ny user.

      obclient> revoke UPDATE on *.* from ny;
Query OK, 0 rows affected

    2. View the current privileges of the ny user.

      obclient> SHOW GRANTS FOR ny;
+----------------------------------------------------------------------------------------------------------------------------------+
| Grants for ny@%                                                                                                                  |
+----------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ny'                                                                                                       |
| GRANT ALTER, CREATE, DELETE, DROP, INSERT, SELECT, INDEX, CREATE VIEW, SHOW VIEW ON `data_ny`.* TO 'ny' WITH GRANT OPTION        |
| GRANT ALTER, CREATE, DELETE, DROP, INSERT, SELECT, INDEX, CREATE VIEW, SHOW VIEW ON `data_ny`.`dws_ny` TO 'ny' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------+
3 rows in set

Previous topic

Flash back a dropped table
Last

Next topic

About partitioned tables
Next
What is on this page
Grant privileges
Overview
Syntax
Parameters
Examples
Revoke privileges
Overview
Syntax
Parameters
Examples