User privileges are divided into direct and indirect privileges. Direct privileges are the system or object privileges that are granted directly to a user. Indirect privileges are those that are granted to the roles of a user. Most operations can be performed with either direct or indirect privileges. This topic describes how to grant direct privileges to users.
Direct privileges are required to perform the following operations:
- Creating a view: the user needs privileges on the objects that the view accesses.
- Executing statements in a named PL block with definer's rights: the user needs the privileges that those statements require.
Prerequisites
- When granting an object privilege, the current user must be the owner of the object or have the privilege to be granted. For example, if test1 grants the SELECT privilege on table t1 to test2, then test1 must have the SELECT privilege on table t1. In addition, the user must have the GRANT OPTION or GRANT ANY OBJECT PRIVILEGE privilege.
- When granting a system privilege or a role, the current user must have the privilege or role to be granted and have the GRANT OPTION, GRANT ANY PRIVILEGE, or GRANT ANY ROLE privilege.
For more information about how to view privileges, see View user privileges. If the user does not have the required privileges, contact the administrator to obtain the privileges. For more information about how to view roles, see View roles.
Considerations
When granting privileges, pay attention to the following:
- When granting multiple privileges to a user at a time, separate the privileges with commas (,).
- If a user has been granted a privilege, the privilege takes effect only after the user is reconnected to OceanBase Database.
Examples
Grant system privileges
Grant the CREATE SEQUENCE privilege to the test user.
obclient> GRANT CREATE SEQUENCE TO test;
Grant object privileges
Grant the SELECT and UPDATE privileges on the emp_view view to the test user.
obclient> GRANT SELECT, UPDATE ON emp_view TO test;
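The following added example (not part of the original documentation) walks through the view case described at the top of this topic: a privilege that reaches a user only through a role is enough to query a table, but creating a view on that table needs a direct grant. The names app_owner, report_user, report_role, orders, and orders_v are hypothetical, and the statements assume the roles and users shown already exist or can be created by the connected user.

```sql
-- Added example; all object, user, and role names are hypothetical.

-- Step 1 (as an administrator who can create and grant roles):
-- give report_user SELECT on the table only indirectly, through a role.
CREATE ROLE report_role;
GRANT SELECT ON app_owner.orders TO report_role;
GRANT report_role TO report_user;
GRANT CREATE VIEW TO report_user;

-- Step 2 (as report_user, after reconnecting so the grants take effect):
-- a plain query works, because indirect privileges are sufficient for it.
SELECT COUNT(*) FROM app_owner.orders;

-- Creating a view is one of the operations this topic lists as requiring
-- direct privileges, so this statement is expected to be rejected while
-- SELECT is held only through report_role.
CREATE VIEW orders_v AS
  SELECT order_id, status FROM app_owner.orders;

-- Step 3 (as app_owner, the object owner): grant the privilege directly.
GRANT SELECT ON app_owner.orders TO report_user;

-- Step 4 (as report_user, after reconnecting again):
-- the same CREATE VIEW statement now has the direct privilege it needs.
CREATE VIEW orders_v AS
  SELECT order_id, status FROM app_owner.orders;
```

A direct grant is independent of role membership, so removing report_role from the user later does not remove the privilege granted in step 3. Keep direct grants limited to the specific objects that views or definer's-rights PL blocks need.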
For more information about the GRANT statement, see GRANT.