This document is the SQL manual for authority management starting from version V2.0.7. For detailed function usage, see Authority Management. For an introduction to authority management functions before version V2.0.7, refer to Authority Management
CREATE USER <USERNAME> <PASSWORD> eg: CREATE USER user1 'Passwd@202604';
Users can change their own passwords, but changing other users' passwords requires the SECURITY privilege.
ALTER USER <USERNAME> SET PASSWORD <password> eg: ALTER USER tempuser SET PASSWORD 'Newpwd@202604';
DROP USER <USERNAME> eg: DROP USER user1;
CREATE ROLE <ROLENAME> eg: CREATE ROLE role1;
DROP ROLE <ROLENAME> eg: DROP ROLE role1;
GRANT ROLE <ROLENAME> TO <USERNAME> eg: GRANT ROLE admin TO user1;
REVOKE ROLE <ROLENAME> FROM <USERNAME> eg: REVOKE ROLE admin FROM user1;
LIST USER;
LIST ROLE;
LIST USER OF ROLE <ROLENAME> eg: LIST USER OF ROLE roleuser;
Users can list their own roles, but listing other users' roles requires the SECURITY privilege.
LIST ROLE OF USER <USERNAME> eg: LIST ROLE OF USER tempuser;
Users can list their own privilege information, but listing other users' privileges requires the SECURITY privilege.
LIST PRIVILEGES OF USER <USERNAME> eg: LIST PRIVILEGES OF USER tempuser;
Users can list the privilege information of roles they possess, but listing other roles' privileges requires the SECURITY privilege.
LIST PRIVILEGES OF ROLE <ROLENAME> eg: LIST PRIVILEGES OF ROLE actor;
GRANT SECURITY TO USER <USERNAME> eg: GRANT SECURITY TO USER TEST_USER;
GRANT CREATE ON DATABASE <DATABASE> TO USER <USERNAME> WITH GRANT OPTION eg: GRANT CREATE ON DATABASE TESTDB TO USER TEST_USER WITH GRANT OPTION;
GRANT SELECT ON DATABASE <DATABASE> TO ROLE <ROLENAME> eg: GRANT SELECT ON DATABASE TESTDB TO ROLE TEST_ROLE;
GRANT SELECT ON <DATABASE>.<TABLENAME> TO USER <USERNAME> eg: GRANT SELECT ON TESTDB.TESTTABLE TO USER TEST_USER;
GRANT SELECT ON ANY TO ROLE <ROLENAME> eg: GRANT SELECT ON ANY TO ROLE TEST_ROLE;
GRANT ALL TO USER TESTUSER; -- Grants all privileges available to the user, including global privileges and all data privileges in the ANY scope GRANT ALL ON ANY TO USER TESTUSER; -- Grants all data privileges available in the ANY scope to the user. After executing this statement, the user will have all data privileges on all databases GRANT ALL ON DATABASE TESTDB TO USER TESTUSER; -- Grants all data privileges available in the DB scope to the user. After executing this statement, the user will have all data privileges on this database GRANT ALL ON TABLE TESTTABLE TO USER TESTUSER; -- Grants all data privileges available in the TABLE scope to the user. After executing this statement, the user will have all data privileges on this table
REVOKE SECURITY FROM USER <USERNAME> eg: REVOKE SECURITY FROM USER TEST_USER;
REVOKE CREATE ON DATABASE <DATABASE> FROM USER <USERNAME> eg: REVOKE CREATE ON DATABASE TEST_DB FROM USER TEST_USER;
REVOKE SELECT ON <DATABASE>.<TABLENAME> FROM USER <USERNAME> eg: REVOKE SELECT ON TESTDB.TESTTABLE FROM USER TEST_USER;
REVOKE SELECT ON ANY FROM USER <USERNAME> eg: REVOKE SELECT ON ANY FROM USER TEST_USER;
REVOKE ALL FROM USER TESTUSER; -- Revokes all global privileges and all data privileges in the ANY scope from the user REVOKE ALL ON ANY FROM USER TESTUSER; -- Revokes all data privileges in the ANY scope from the user, and does not affect DB-scope and TABLE-scope privileges REVOKE ALL ON DATABASE TESTDB FROM USER TESTUSER; -- Revokes all data privileges on the DB from the user, and does not affect TABLE privileges REVOKE ALL ON TABLE TESTDB FROM USER TESTUSER; -- Revokes all data privileges on the TABLE from the user
LIST PRIVILEGES OF USER <USERNAME> eg: LIST PRIVILEGES OF USER tempuser