GRANT

GRANT
  privilege_type [, privilege_type ] ...
  ON (CATALOG | DATABASE <database-name> | TABLE <table-name> | VIEW <view-name> | FUNCTION <function-name> | ANONYMOUS FUNCTION | ANY FILE)
  TO principal

privilege_type
  : SELECT | CREATE | MODIFY | USAGE | READ_METADATA | CREATE_NAMED_FUNCTION | ALL PRIVILEGES

principal
  : `<user>@<domain-name>` | <group-name>

Grant a privilege on an object to a user or principal. Granting a privilege on a database (for example a SELECT privilege) has the effect of implicitly granting that privilege on all objects in that database. Granting a specific privilege on the catalog has the effect of implicitly granting that privilege on all databases in the catalog.

To grant a privilege to all users, specify the keyword users after TO.

Examples

GRANT SELECT ON DATABASE <database-name> TO `<user>@<domain-name>`;
GRANT SELECT ON ANONYMOUS FUNCTION TO `<user>@<domain-name>`;
GRANT SELECT ON ANY FILE TO `<user>@<domain-name>`;

View-based access control

You can configure fine-grained access control (to rows and columns matching specific conditions, for example) by granting access to derived views that contain arbitrary queries.

Examples

CREATE OR REPLACE VIEW <view-name> AS SELECT columnA, columnB FROM <table-name> WHERE columnC > 1000;
GRANT SELECT ON VIEW <view-name> TO `<user>@<domain-name>`;

For details on required table ownership, see Frequently asked questions (FAQ).
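Because a grant on a database or on the catalog is implicitly a grant on every object beneath it, a principal who holds SELECT on a restricting view may still reach the unfiltered base table through a broader grant. The following audit sketch is an added example, not code from the original page or the product: it models the implicit-grant rules described above and flags such bypasses. The grant record layout, the view-to-table map, the membership map, and all names in the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    privilege: str   # "SELECT", "MODIFY", "ALL PRIVILEGES", ...
    scope: str       # "CATALOG", "DATABASE", "TABLE" or "VIEW"
    name: str        # "" for CATALOG, "db" for DATABASE, "db.object" otherwise
    principal: str   # user, group, or the keyword "users" (all users)

def covers(grant, privilege, obj, identities):
    """True if `grant` gives `privilege` on object "db.object" to any identity."""
    if grant.principal != "users" and grant.principal not in identities:
        return False
    if grant.privilege not in (privilege, "ALL PRIVILEGES"):
        return False
    if grant.scope == "CATALOG":      # implicit on every database, hence every object
        return True
    if grant.scope == "DATABASE":     # implicit on every object in that database
        return obj.split(".", 1)[0] == grant.name
    return grant.name == obj          # explicit grant on the table or view itself

def view_bypasses(grants, view_sources, memberships):
    """Report principals who hold SELECT on a restricting view and can also
    SELECT a base table behind it, which makes the view's filter moot."""
    findings = []
    for vg in grants:
        if vg.scope != "VIEW" or vg.privilege != "SELECT":
            continue
        identities = {vg.principal} | memberships.get(vg.principal, set())
        for table in view_sources.get(vg.name, []):
            for g in grants:
                if covers(g, "SELECT", table, identities):
                    source = f"{g.scope} {g.name}".strip()
                    findings.append((vg.principal, vg.name, table, source))
    return findings

# Constructed sample data (hypothetical names, not taken from the page).
GRANTS = [
    Grant("SELECT", "VIEW", "sales.orders_large", "alice@example.com"),
    Grant("SELECT", "VIEW", "sales.orders_large", "analysts"),
    Grant("SELECT", "DATABASE", "sales", "analysts"),   # over-broad grant
    Grant("MODIFY", "TABLE", "sales.orders", "alice@example.com"),
]
VIEW_SOURCES = {"sales.orders_large": ["sales.orders"]}   # view -> base tables
MEMBERSHIPS = {"alice@example.com": {"interns"}}          # user -> groups

if __name__ == "__main__":
    for finding in view_bypasses(GRANTS, VIEW_SOURCES, MEMBERSHIPS):
        print(finding)
```

In the sample data only the analysts group is flagged: its database-level SELECT already covers sales.orders, so the view grant restricts nothing for that group.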