User privileges are classified into direct and indirect privileges. Direct privileges are the system or object privileges that are granted to a user. Indirect privileges are those that are granted to roles of a user. Most operations can be performed with direct or indirect privileges. This topic describes how to grant indirect privileges to users.
Direct privileges are required for the following scenarios:
- When creating a view, the privileges to access the objects in the view are required.
- When executing statements in a named PL block with the definers' rights, the privileges for the statements are required.
Indirect privileges granted to roles
Prerequisites
When granting system privileges, object privileges, or roles to a role, you must have the privileges or roles to be granted and any of the following privileges: GRANT OPTION, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, and GRANT ANY ROLE.
For information about how to view your privileges, see View user privileges. If you do not have the required privileges, contact the administrator to obtain the privileges. For information about how to grant privileges to a user, see Modify user privileges. For information about how to view your roles, see View roles.
Examples
Grant the SELECT privilege on the test1.tbl1 table to the role1 role:
obclient> GRANT SELECT ON test1.tbl1 TO role1;
Query OK, 0 rows affected
In addition, you can add privileges to the PUBLIC role by using the following SQL statement:
Notice
To ensure database security, grant this role only when it is necessary.
obclient> GRANT [privilege_list] TO PUBLIC;
After you add a privilege to the PUBLIC role, all users in the tenant have the privilege. This means that all users can immediately perform operations that are authorized by the privilege. For more information about the PUBLIC role, see Overview.
For more information about the GRANT statement, see GRANT.