Configuring and Using Connection Links
A connection link is a secure link that stores connection details (credentials and configurations) to supported data providers such as S3, Azure, GCS, HDFS, and Kafka.
User Advantages
Referring to a connection link in a command is more secure than specifying the connection details directly in the command. Users need the
CREATE LINKpermission to create connection links, and only those users need to know the connection details.Commands such as
BACKUP,RESTORE,CREATE PIPELINE, andSELECTsupport connection links. Users can run these commands without specifying the connection details. However, the user needs theSHOW LINKpermission to use a connection link.
Using a Connection Link
Creation and use of a connection link is dependent on the permissions granted to a user. The following are the permissions that can be granted to users:
CREATE LINK: A user with theCREATE LINKpermission can create a connection link and only that user will know the connection details.SHOW LINK: A user with theSHOW LINKpermission can view and use all connection links that exist in a SingleStoreDB database.DROP LINK: A user with theDROP LINKpermission can remove a connection link that exists in a SingleStoreDB database.
Note: The listed permissions can be cluster or database scoped. For example, you can grant the CREATE LINK permission on *.* (cluster scoped) and database.* (database scoped) but not database.table. See the GRANT topic for more details.
Example
The following example demonstrates the steps performed by a user user1 to write all rows of the table t1 of the database productdb to an S3 bucket using a connection link. Azure/GCS/HDFS/KAFKA links are created similarly via CREATE LINK linkname AS {AZURE,GCS,HDFS,KAFKA} ... -- see CREATE LINK for more information.
On user request, the DBA (who has the
CREATE LINKpermission) creates an S3 connection linkdemouser_S3:CREATE LINK productdb.demouser_S3 AS S3 CREDENTIALS '{"aws_access_key_id":"your_access_key_id","aws_secret_access_key":"your_secret_access_key"}' CONFIG '{"region":"us-east-1"}' DESCRIPTION 'Product list';The DBA grants the
SHOW LINKpermission touser1.GRANT SHOW LINK ON productdb.* TO 'user1';
This allows
user1to use the S3 connection linkdemouser_S3and any other connection links defined in theproductdbdatabase.user1can run theSHOW LINKScommand to view all the connection links in a database. For example, if a second connection link,demouser2_S3had been created in theproductdbdatabase, runningSHOW LINKSwould return the following results:SHOW LINKS ON productdb; **** +-------------------------+--------+-----------------------------+ | Link | Type | Description | +-------------------------+--------+-----------------------------+ | demouser_S3 | S3 | Product list | | demouser2_S3 | S3 | Brand list | +-------------------------+--------+-----------------------------+
user1runs theSELECT .. INTO LINKcommand to write the contents of the tablet1, to the S3 bucket at the specified path, using the S3 connection linkdemouser_S3stored in theproductdbdatabase.USE productdb; SELECT * FROM t1 INTO LINK demouser_S3 'testing/output';