GRANTGRANT

將物件的許可權授與使用者或主體。Grants a privilege on an object to a user or principal. 在資料庫上授與許可權 (例如, SELECT 許可權) 具有對該資料庫中的所有物件隱含授與該許可權的影響。Granting a privilege on a database (for example a SELECT privilege) has the effect of implicitly granting that privilege on all objects in that database. 授與目錄的特定許可權,會影響在目錄中的所有資料庫上隱含授與該許可權。Granting a specific privilege on the catalog has the effect of implicitly granting that privilege on all databases in the catalog.

SyntaxSyntax

GRANT
  privilege_type [, privilege_type ] ...
  ON (CATALOG | DATABASE <database-name> | TABLE <table-name> | VIEW <view-name> | FUNCTION <function-name> | ANONYMOUS FUNCTION | ANY FILE)
  TO principal

privilege_type
  : SELECT | CREATE | MODIFY | USAGE | READ_METADATA | CREATE_NAMED_FUNCTION | ALL PRIVILEGES

principal
  : `<user>@<domain-name>` | <group-name>

若要對所有使用者授與許可權,請 users 在之後指定關鍵字 TOTo grant a privilege to all users, specify the keyword users after TO.

範例Examples

GRANT USAGE, SELECT ON DATABASE <database-name> TO `<user>@<domain-name>`
GRANT SELECT ON ANONYMOUS FUNCTION TO `<user>@<domain-name>`
GRANT SELECT ON ANY FILE TO `<user>@<domain-name>`

視圖型存取控制View-based access control

您可以針對符合特定條件的資料列和資料行設定更細緻的存取控制 (,例如,藉由將存取權授與包含任意查詢的衍生視圖,例如) 。You can configure fine-grained access control (to rows and columns matching specific conditions, for example) by granting access to derived views that contain arbitrary queries.

範例Examples

CREATE OR REPLACE VIEW <view-name> AS SELECT columnA, columnB FROM <table-name> WHERE columnC > 1000;
GRANT SELECT ON VIEW <view-name> TO `<user>@<domain-name>`;

如需有關必要資料表擁有權的詳細資訊,請參閱常見問題 ) (常見問題。For details on required table ownership, see Frequently asked questions (FAQ).