grant

Syntax

grant(userId|groupId, accessType, [objs])

Arguments

userId | groupId a string indicating a user name or a group name.

accessType is the type of privilege.

objs a string scalar/vector indicating the objects that the priviledges specified by accessType applies to.

See the privilege table in User Access Control for the values that accessType and objs can take.

Details

• Grant a user or group with the specified privilege.

Note: You can grant a user DB_OWNER privilege while restricting the user to creating and managing databases with specific prefixes only. This cannot be removed by deny or revoke.

• Set the memory limit of a query result (when accessType = QUERY_RESULT_MEM_LIMIT) or the memory limit of a task group (when accessType = TASK_GROUP_MEM_LIMIT) for a user. Different from commands setMemLimitOfQueryResult and setMemLimitOfTaskGroupResult, grant only applies to the specified user (group is not supported). You can use revoke to remove the memory limit set with grant.

This command can only be executed by an administrator on the controller or data node.

Examples

All members of the group “production” can read all tables in all databases:

$ grant(`production, TABLE_READ, "*")

All members of the group “research” can write to the table dfs://db1/t1:

$ grant(`research, TABLE_WRITE, "dfs://db1/t1")

All members of the group “research” can create tables in the databases dfs://db1 and dfs://db2:

$ grant("research", DBOBJ_CREATE, ["dfs://db1","dfs://db2"])

The user “AlexSmith” can create or delete databases:

$ grant("AlexSmith", DB_MANAGE)

The user “AlexSmith” can execute script:

$ grant("AlexSmith", SCRIPT_EXEC)

The user “AlexSmith” can test script:

$ grant("AlexSmith", TEST_EXEC)

Set the memory limit of query result to 4 GB for the user “AlexSmith”.

$ grant("AlexSmith", QUERY_RESULT_MEM_LIMIT, 4)

Grant user “AlexSmith” the privilege to create and manage databases with prefix “dbxxx”.

$ grant("AlexSmith", DB_OWNER, "dfs://db0*")