getUserAccess

Syntax

getUserAccess([userIds])

Arguments

userId is a STRING scalar/vector indicating one or multiple user names.

Details

This function returns privileges for individual users, without taking into account the privileges for the groups the users belong to.

When userId is unspecified, returns the privileges for the current user. Only an administrator can use this function to get other users’ privileges.

It returns a table with the following columns:

Column

Description

userId

The user name

groups

The group to which the user belongs

isAdmin

Whether the user is an administrator

MAX_JOB_PRIORITY

An integer between 0 and 8 indicating the highest priority of the jobs submitted by the user. Specified by the command setMaxJobPriority.

MAX_PARALLELISM

An integer indicating the maximum number of tasks that can be executed in parallel for a job submitted by the user. It is specified by the command setMaxJobParallelism.

QUERY_RESULT_MEM_LIMIT

The memory limit for a query result. It is a floating-point number indicating memory usage (in GB). You can use grant to set the limit and revoke to remove.

TASK_GROUP_MEM_LIMIT

The memory limit of a task group. It is a floating-point number indicating memory usage in GB. You can use grant to set the limit and revoke to remove.

The following privileges are listed with permission state “allow” / “none” / “deny”: ACCESS_READ, ACCESS_INSERT, ACCESS_UPDATE, ACCESS_DELETE, VIEW_EXEC, SCRIPT_EXEC, TEST_EXEC, DBOBJ_CREATE, DBOBJ_DELETE, DB_MANAGE, DB_OWNER

Note:

  • Version 1.30.21/2.00.9 onwards extends privileges at the table level. The original TABLE_WRITE field is now replaced with fields TABLE_INSERT, TABLE_UPDATE, and TABLE_DELETE.

  • Since the DB_READ, DB_WRITE, DB_INSERT, DB_UPDATE, and DB_DELETE privileges apply to tables in databases, only table-level privileges are returned.

The remaining columns in the table display the specific objects (tables, views or databases) that the user is granted/denied access to:

objs
TABLE_READ_allowed
TABLE_READ_denied
TABLE_INSERT_allowed
TABLE_INSERT_denied
TABLE_UPDATE_allowed
TABLE_UPDATE_denied
TABLE_DELETE_allowed
TABLE_DELETE_denied
DB_READ_allowed
DB_READ_denied
DB_INSERT_allowed
DB_INSERT_denied
DB_UPDATE_allowed
DB_UPDATE_denied
DB_DELETE_allowed
DB_DELETE_denied
VIEW_EXEC_allowed
VIEW_EXEC_denied
DBOBJ_CREATE_allowed
DBOBJ_CREATE_denied
DBOBJ_DELETE_allowed
DBOBJ_DELETE_denied
DB_OWNER_allowed
DB_MANAGE_allowed