GRANT privilege#

Synopsis#

GRANT ( privilege [, ...] | ( ALL PRIVILEGES ) )
ON ( table_name |
     TABLE table_name |
     SCHEMA schema_name |
     MY ACCOUNT |
     CLUSTER cluster_name |
     CATALOG catalog_name |
     COLUMN column_name |
     LOCATION table_location |
     FUNCTION function_name |
     DATA_PRODUCT data_product_name
)
TO ROLE role
[ WITH GRANT OPTION ]

Description#

Grants the specified privileges to the specified grantee.

Specifying ALL PRIVILEGES grants all entity kind privileges on the entity to the supplied role. If the entity is a table, SELECT, UPDATE, DELETE and INSERT privileges are granted.

The schema_name may be a “qualified name”, where the catalog is specified explicitly, e.g., my_catalog.my_schema. If the catalog is not supplied the current session catalog is used.

The table_name, function_name or column_name may be “qualified names” in which the schema and sometimes the catalog are explicit. For example, the table my_catalog.my_schema.my_table, in which all components are explicit, and my_schema.my_table, in which the schema is explicit and the catalog defaults to the session catalog.

Specifying ROLE PUBLIC grants privileges to the PUBLIC role and hence to all users.

The optional WITH GRANT OPTION clause allows the grantee to grant these same privileges to others.

For GRANT statement to succeed, the user executing it should possess the specified privileges as well as the GRANT OPTION for those privileges.

Grant on a table grants the specified privilege on all current and future columns of the table.

Grant on a schema grants the specified privilege on all current and future columns of all current and future tables of the schema.

To grant an account privilege, the entity kind and account must be MY ACCOUNT.

Examples#

Grant INSERT and SELECT privileges on the table orders to role orders_admin:

GRANT INSERT, SELECT ON orders TO ROLE orders_admin;

Grant DELETE privilege on the schema finance to ROLE finance_admin:

GRANT DELETE ON SCHEMA finance TO ROLE finance_admin;

Grant SELECT privilege on the table nation to role orders_admin, additionally allowing orders_admin to grant SELECT privilege to others:

GRANT SELECT ON nation TO ROLE orders_admin WITH GRANT OPTION;

Grant SELECT privilege on the table orders to everyone:

GRANT SELECT ON orders TO ROLE PUBLIC;

Grant cluster privilege USE_CLUSTER on cluster demo_cluster to roles_admin data_user:

GRANT USE_CLUSTER ON CLUSTER demo_cluster TO ROLE data_user;

Grant account privilege CREATE_ROLE to role roles_admin, allowing roles_admin to grant CREATE_ROLE to other roles:

GRANT CREATE_ROLE ON MY ACCOUNT TO ROLE `roles_admin` WITH GRANT OPTION;

See also#

SQL entity kinds and privileges, DENY, REVOKE privilege, SHOW GRANTS