Permissions Matrix
On this page
Permissions
The following table describes the permissions that can be granted to users and roles.SELECT
permission can be granted for all databases within a workspace, to a specific database within the workspace, or to a specific table in a database.
Permission |
Allowed Scopes in Default Mode |
Notes |
---|---|---|
|
Workspace |
Connect, show variables. |
|
Workspace, Database, Table |
Select rows. |
|
Workspace, Database, Table |
Insert rows. |
|
Workspace, Database, Table |
Update cells of existing rows. |
|
Workspace, Database, Table |
Delete rows. |
|
Workspace, Database, Table |
Create tables. |
|
Workspace, Database, Table |
Drop tables. |
|
Workspace, Database |
Load backups into database. |
|
Workspace |
View and kill queries. Required to query the Required to query |
|
<tied to permissions> |
|
|
Workspace, Database, Table |
Create and drop indexes. |
|
Workspace, Database, Table |
Alter tables (including indexes). |
|
Workspace |
Show all metadata. |
|
Workspace |
Allow users to set certain engine variables. Allow users to change the value of the |
|
Workspace, Database |
Create temporary tables. |
|
Workspace, Database |
Lock tables (read and write). |
|
Workspace, Database |
Create views. |
|
Workspace, Database, View |
Alter views. |
|
Workspace, Database, Table |
Drop views. |
|
Workspace, Database, View |
Show |
|
Workspace, Database |
Take backups and snapshots. |
|
Workspace |
Create and drop users (no grants). |
|
Workspace |
Alter user profiles with |
|
Workspace, Database |
Grant / revoke permissions, manage roles & groups. |
|
Workspace, Database |
Drop databases. |
|
Workspace, Database |
Create databases. |
|
Workspace, Database, Function |
Create extensibility functions or procedures. |
|
Workspace, Database, Function |
Replace or delete extensibility functions or procedures. |
|
Database |
See stored procedure bodies in Information Schema/show commands. |
|
Workspace, Database, Function |
Execute extensibility functions or procedures. |
|
Workspace, Database, Table |
Create pipelines. |
|
Workspace, Database, Table |
Drop pipelines. |
|
Workspace, Database, Table |
Start pipelines. |
|
Workspace, Database, Table |
Alter pipelines. |
|
Workspace, Database, Table |
Show pipelines. |
|
Workspace, Database |
Create link. |
|
Workspace, Database |
Drop link. |
|
Workspace, Database |
Show links. |
|
Workspace, Database |
The |
|
Workspace |
Create resource pool. |
|
Workspace |
Drop resource pool. |
|
Workspace |
Required to create or drop trace events Required to query |
Permission Lists
The following lists are referenced by the Command Permission Requirements section.
Show and create table permissions
SELECT
, INSERT
, UPDATE
, DELETE
, INDEX
, CREATE
, DROP
, ALTER
Database and Table Permissions
CREATE TEMPORARY TABLE
, LOCK TABLES
, RELOAD
, BACKUP
, CREATE DATABASE
, DROP DATABASE
, SELECT
, INSERT
, UPDATE
, DELETE
, CREATE
, DROP
, INDEX
, ALTER
, CREATE VIEW
, SHOW VIEW
, TRIGGER
, ALTER VIEW
, DROP VIEW
, CREATE PIPELINE
, START PIPELINE
, ALTER PIPELINE
, SHOW PIPELINE
, DROP PIPELINE
, EXECUTE
, CREATE ROUTINE
, ALTER ROUTINE
Command Permission Requirements
The following table describes the permissions required to run each command.
Some commands are allowed if you have any of a list of permissions - for example, the CREATE INDEX
command is allowed if you have either the INDEX
permission or the ALTER
permission.Min.
and any other permissions that enable the command are listed under Additional Permissions
.
Command |
Min. |
Additional Permissions, Notes |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Requires |
|
|
|
|
|
|
|
if Unlimited Storage. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Requires |
|
|
Requires |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
One or more of the show and create table permissions. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<can |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Any user may kill their own connections. |
|
|
With the |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<can |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
For more information, see the Information Schema Introduction. |
|
|
For more information, see the Information Schema Introduction. |
|
|
For more information, see the Information Schema Introduction. |
|
|
Allows the user to see the body of the Procedure/Routine without the permissions required to be able to edit it. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
One or more of the show and create table permissions. |
|
|
|
|
|
If the user only has The SHOW ROUTINE permission allows a user to view but not edit the bodies of procedures. |
|
|
|
|
|
One or more of the show and create table permissions. |
|
|
|
|
|
One or more of the database and table permissions or |
|
|
|
|
|
|
|
|
|
|
|
The |
|
|
With the |
|
|
With the |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
One or more of the database and table permissions or |
Last modified: November 28, 2024