RisingWave uses a user-based access control to handle authentication and authorization. Privileges can be granted to or revoked by users to control what actions can be performed on different object levels.
ALTER USER
command. For details about the system permissions, see System permissions.
Database privileges can be configured later by using GRANT
and REVOKE
commands. The privileges are managed at these object levels:
ALTER USER
command.
The following statement modifies the password and initial permissions of user001
.
user1
to user001
.
Privilege | Description | Object Level |
---|---|---|
SELECT | Permission to retrieve data from a relation object. | Table, Source, Materialized View |
INSERT | Permission to add new rows to a table. | Table |
UPDATE | Permission to modify existing data in a table. | Table |
DELETE | Permission to remove rows from a table. | Table |
CREATE | Permission to create new objects within the database. | Schema, Database |
CONNECT | Permission to connect to a database. | Database |
USAGE | Permission to use or look up an object’s members. | Schema |
GRANT
command to grant privileges to a user, and the REVOKE
command to revoke privileges from a user. For the syntaxes of these two commands, see GRANT and REVOKE.
This statement grants the SELECT
privilege for materialized view mv1
, which is in schema schema1
of database db1
, to user user1
. user1
is able to grant the SELECT
privilege to other users.
SELECT
and UPDATE
privileges for table t1
to user user1
.