Configuring and Using Connection Links
A connection link is a secure link that stores connection details (credentials and configurations) to supported data providers such as S3, Azure, GCS, HDFS, and Kafka.
User Advantages
Referring to a connection link in a command is more secure than specifying the connection details directly in the command. Users need the
CREATE LINK
permission to create connection links, and only those users need to know the connection details.Commands such as
BACKUP
,RESTORE
,CREATE PIPELINE
, andSELECT
support connection links. Users can run these commands without specifying the connection details. However, the user needs theSHOW LINK
permission to use a connection link.
Using a Connection Link
Creation and use of a connection link is dependent on the permissions granted to a user. The following are the permissions that can be granted to users:
CREATE LINK
: A user with theCREATE LINK
permission can create a connection link and only that user will know the connection details.SHOW LINK
: A user with theSHOW LINK
permission can view and use all connection links that exist in a SingleStoreDB database.DROP LINK
: A user with theDROP LINK
permission can remove a connection link that exists in a SingleStoreDB database.
Note: The listed permissions can be cluster or database scoped. For example, you can grant the CREATE LINK permission on *.*
(cluster scoped) and database.*
(database scoped) but not database.table
. See the GRANT topic for more details.
Example
The following example demonstrates the steps performed by a user user1
to write all rows of the table t1
of the database productdb
to an S3 bucket using a connection link. Azure/GCS/HDFS/KAFKA links are created similarly via CREATE LINK linkname AS {AZURE,GCS,HDFS,KAFKA} ...
-- see CREATE LINK for more information.
On user request, the DBA (who has the
CREATE LINK
permission) creates an S3 connection linkdemouser_S3
:CREATE LINK productdb.demouser_S3 AS S3 CREDENTIALS '{"aws_access_key_id":"your_access_key_id","aws_secret_access_key":"your_secret_access_key"}' CONFIG '{"region":"us-east-1"}' DESCRIPTION 'Product list';
The DBA grants the
SHOW LINK
permission touser1
.GRANT SHOW LINK ON productdb.* TO 'user1';
This allows
user1
to use the S3 connection linkdemouser_S3
and any other connection links defined in theproductdb
database.user1
can run theSHOW LINKS
command to view all the connection links in a database. For example, if a second connection link,demouser2_S3
had been created in theproductdb
database, runningSHOW LINKS
would return the following results:SHOW LINKS ON productdb; **** +-------------------------+--------+-----------------------------+ | Link | Type | Description | +-------------------------+--------+-----------------------------+ | demouser_S3 | S3 | Product list | | demouser2_S3 | S3 | Brand list | +-------------------------+--------+-----------------------------+
user1
runs theSELECT .. INTO LINK
command to write the contents of the tablet1
, to the S3 bucket at the specified path, using the S3 connection linkdemouser_S3
stored in theproductdb
database.USE productdb; SELECT * FROM t1 INTO LINK demouser_S3 'testing/output';