Access control

When creating a user, the administrator of an organization can determine the system-level permissions and set a password. The system permissions and the user names can be revised with the ALTER USER command. For details about the system permissions, see System permissions.

Database privileges can be configured later by using GRANT and REVOKE commands. The privileges are managed at these object levels:

• Database
• Schema
• Table
• Source
• Materialized view

For database privileges that can be applied to each of the object levels, see Privileges.

​

Users

​

Create users

CREATE USER user_name [ [ WITH ] system_permission [ ... ]['PASSWORD' { password | NULL }] ];

For details about system permissions, see System permissions.

Create a user with default permissions:

CREATE USER user_name;

Create a user and permit it to create databases, and set a password for it:

CREATE USER user001 WITH CREATEDB PASSWORD '1234abcd';

​

Alter users

You can alter the system permissions, password, or name of a user by using the ALTER USER command.

The following statement modifies the password and initial permissions of user001.

ALTER USER user001 WITH NOSUPERUSER CREATEDB PASSWORD '4d2Df1ee5';

The following statement renames user1 to user001.

ALTER USER user1 RENAME TO user001;

​

Privileges

See the table below for the privileges available in RisingWave and the corresponding object levels that they can apply to.

You use the GRANT command to grant privileges to a user, and the REVOKE command to revoke privileges from a user. For the syntaxes of these two commands, see GRANT and REVOKE.

This statement grants the SELECT privilege for materialized view mv1, which is in schema schema1 of database db1, to user user1. user1 is able to grant the SELECT privilege to other users.

GRANT SELECT
ON MATERIALIZED VIEW mv1 IN SCHEMA db1.schema1
TO user1 WITH GRANT OPTION GRANTED BY user;

This statement grants the SELECT and UPDATE privileges for table t1 to user user1.

GRANT SELECT, UPDATE
ON TABLE t1
TO user1;