云数据库 GAUSSDB-GRANT:语法格式

时间:2024-11-13 14:46:12

语法格式

  • 将表或视图的访问权限赋予指定的用户或角色。
    GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFEREN CES  | TRIGGER | ALTER | DROP | COMMENT | INDEX | VACUUM } [, ...] 
          | ALL [ PRIVILEGES ] }
        ON { [ TABLE ] table_name [, ...]
           | ALL TABLES IN SCHEMA schema_name [, ...] }
        TO { [ GROUP ] role_name | PUBLIC } [, ...] 
        [ WITH GRANT OPTION ];
  • 将表中字段的访问权限赋予指定的用户或角色。
    GRANT { {{ SELECT | INSERT | UPDATE | REFERENCES | COMMENT } ( column_name [, ...] )} [, ...] 
          | ALL [ PRIVILEGES ] ( column_name [, ...] ) }
        ON [ TABLE ] table_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...]
        [ WITH GRANT OPTION ];

    如果拥有表的访问权限,则默认拥有表中所有字段的访问权限。如果要仅赋予表中某个字段的访问权限,需要先撤销所属表的访问权限。

    将序列的访问权限赋予指定的用户或角色,LARGE字段属性可选,赋权语句不区分序列是否为LARGE。

    GRANT { { SELECT | UPDATE | USAGE | ALTER | DROP | COMMENT } [, ...] 
          | ALL [ PRIVILEGES ] }
        ON { [ [ LARGE ] SEQUENCE ] sequence_name [, ...]
           | ALL SEQUENCES IN SCHEMA schema_name [, ...] }
        TO { [ GROUP ] role_name | PUBLIC } [, ...] 
        [ WITH GRANT OPTION ];
  • 将数据库的访问权限赋予指定的用户或角色。
    GRANT { { CREATE | CONNECT | TEMPORARY | TEMP | ALTER | DROP | COMMENT } [, ...]
          | ALL [ PRIVILEGES ] }
        ON DATABASE database_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...]
        [ WITH GRANT OPTION ];
  • 将域的访问权限赋予指定的用户或角色。
    GRANT { USAGE | ALL [ PRIVILEGES ] }
        ON DOMAIN domain_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...]
        [ WITH GRANT OPTION ];

    本版本暂时不支持赋予域的访问权限。

  • 将客户端加密主密钥CMK的访问权限赋予指定的用户或角色。
    1
    2
    3
    4
    GRANT { { USAGE | DROP } [, ...] | ALL [ PRIVILEGES ] }
        ON CLIENT_MASTER_KEY client_master_key
        TO { [ GROUP ] role_name | PUBLIC } [, ...] 
        [ WITH GRANT OPTION ];
    
  • 将列加密密钥CEK的访问权限赋予指定的用户或角色。
    1
    2
    3
    4
    GRANT { { USAGE | DROP } [, ...] | ALL [ PRIVILEGES ] }
        ON COLUMN_ENCRYPTION_KEY column_encryption_key 
        TO { [ GROUP ] role_name | PUBLIC } [, ...] 
        [ WITH GRANT OPTION ];
    
  • 将外部数据源的访问权限赋予给指定的用户或角色。
    GRANT { USAGE | ALL [ PRIVILEGES ] }
        ON FOREIGN DATA WRAPPER fdw_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...]
        [ WITH GRANT OPTION ];
  • 将外部服务器的访问权限赋予给指定的用户或角色。
    GRANT { { USAGE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] }
        ON FOREIGN SERVER server_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...]
        [ WITH GRANT OPTION ];
  • 将函数的访问权限赋予给指定的用户或角色。
    GRANT { { EXECUTE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] }
        ON { FUNCTION {function_name ( [ {[ argmode ] [ arg_name ] arg_type} [, ...] ] )} [, ...]
           | ALL FUNCTIONS IN SCHEMA schema_name [, ...] }
        TO { [ GROUP ] role_name | PUBLIC } [, ...]
        [ WITH GRANT OPTION ];
  • 将存储过程的访问权限赋予给指定的用户或角色。
    1
    2
    3
    4
    GRANT { { EXECUTE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] }
        ON PROCEDURE {proc_name ( [ {[ argmode ] [ arg_name ] arg_type} [, ...] ] )} [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...]
        [ WITH GRANT OPTION ];
    
  • 将过程语言的访问权限赋予给指定的用户或角色。
    GRANT { USAGE | ALL [ PRIVILEGES ] }
        ON LANGUAGE lang_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...]
        [ WITH GRANT OPTION ];
  • 将模式的访问权限赋予指定的用户或角色。
    GRANT { { CREATE | USAGE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] }
        ON SCHEMA schema_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...]
        [ WITH GRANT OPTION ];

    将模式中的表或者视图对象授权给其他用户时,需要将表或视图所属的模式的USAGE权限同时授予该用户,若没有该权限,则只能看到这些对象的名称,并不能实际进行对象访问。 同名模式下创建表的权限无法通过此语法赋予,可以通过将角色的权限赋予其他用户或角色的语法,赋予同名模式下创建表的权限。

  • 将表空间的访问权限赋予指定的用户或角色。
    GRANT { { CREATE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] }
        ON TABLESPACE tablespace_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...]
        [ WITH GRANT OPTION ];
  • 将类型的访问权限赋予指定的用户或角色。
    GRANT { { USAGE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] }
        ON TYPE type_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...]
        [ WITH GRANT OPTION ];

    本版本暂时不支持赋予类型的访问权限。

  • 将DIRECTORY对象的权限赋予指定的角色。
    1
    2
    3
    4
    GRANT { { READ | WRITE | ALTER | DROP } [, ...] | ALL [PRIVILEGES] }
       ON DIRECTORY directory_name [, ...]
       TO { [GROUP] role_name | PUBLIC } [, ...]
       [WITH GRANT OPTION];
    
  • 将PACKAGE对象的权限赋予指定的角色。
    1
    2
    3
    4
    5
    GRANT { { EXECUTE | ALTER | DROP | COMMENT } [, ...] | ALL [PRIVILEGES] }
       ON { PACKAGE package_name [, ...]
          | ALL PACKAGES IN SCHEMA schema_name [, ...] }
       TO { [GROUP] role_name | PUBLIC } [, ...]
       [WITH GRANT OPTION];
    
  • 将角色的权限赋予其他用户或角色的语法。
    GRANT role_name [, ...]
       TO role_name [, ...]
       [ WITH ADMIN OPTION ];
  • 将SYSADMIN权限赋予指定的角色。
    GRANT ALL { PRIVILEGES | PRIVILEGE }
       TO role_name;
support.huaweicloud.com/centralized-devg-v8-gaussdb/gaussdb-42-0647.html