Purpose
You can use a GRANT statement to grant privileges to other users as the system administrator.
Required privileges
To execute the
GRANTstatement, you need to have the granted privilege. For example, if useruser1wants to grant theSELECTprivilege on tabletbl1to useruser2, then useruser1must have theSELECTprivilege on tabletbl1.To execute the
GRANTstatement, you need to have theGRANT OPTIONprivilege. For more information on privileges in OceanBase Database, see Privilege types in MySQL mode.
Note
After you grant privileges to a user, the user needs to reconnect to OceanBase Database for the privileges to take effect.
Syntax
GRANT {priv_type [, priv_type...]}
ON priv_level
TO {user [, user...]}
[WITH GRANT OPTION]
user:
user_name
| user_name IDENTIFIED [WITH auth_plugin] BY password
| user_name IDENTIFIED [WITH auth_plugin] BY PASSWORD password
Parameters
| Parameter | Description |
|---|---|
| priv_type | The type of the privilege to be granted. To grant multiple privileges to a user, separate the privileges with commas (,). For information about privilege types and their description, see Privilege types in MySQL mode. |
| priv_level | The level of the privilege to be granted. You can specify that the privilege takes effect on all databases and all tables (*.*), a specified database or table (db_name.* or *.table_name), or a specific table in a specific database (db_name.table_name). |
| user | The user to which the privilege is granted. To grant privileges to multiple users, separate the usernames with commas (,). If the specified user does not exist, the statement creates the user directly. |
| auth_plugin | The user authentication method. Currently, only the mysql_native_password authentication plug-in is supported. |
| BY password | The password for the user to be authorized. The password is in plaintext and is saved in ciphertext on the server after it is saved to the mysql.user table. Enclose special characters in the password in quotation marks ('' or ""). Special characters include the following ones: ~!@#%^&*_-+=`|(){}[]:;',.?/. |
| BY PASSWORD password | The password for the user to be authorized. The password is in ciphertext and is saved to the mysql.user table directly. |
| WITH GRANT OPTION | Specifies whether to enable privilege delegation. When privilege delegation is enabled, grant revocation extends to dependent users. |
Examples
Grant the
CREATE VIEWprivilege on thedb1database to theuser1user and enable privilege delegation.obclient> GRANT CREATE VIEW ON db1.* TO user1 WITH GRANT OPTION;Grant the
CREATEprivilege on thedb1database to theuser1user and change the password foruser1.obclient> GRANT CREATE ON db1.* TO user1 IDENTIFIED by '********';After executing the statement, check the password of
user1in themysql.usertable. The password is updated to the newly set one.Grant the
CREATEprivilege on thedb1database to a non-existing user nameduser2and set the password foruser2.obclient> GRANT CREATE ON db1.* TO user2 IDENTIFIED by '********';
References
For more information about how to grant user privileges, see Grant privileges.
For more information about how to view user privileges, see View user privileges.
You can query the
mysql.usertable to view information about the created user. For more information about themysql.usertable, see mysql.user.