Sign inTry Free

Accessing the Information Schema

A majority of views in the information schema have row-level security. Information Schema views are different from other types of base tables that can either be accessed in full or not depending on permissions. They are views into underlying data about a cluster and the objects within it.

Users have permissions to see information schema metadata about the database objects they have permissions to access. For example, if a user has permissions to access table t1 but not table t2, they will see rows containing metadata about t1 in information schema views but not t2.

Alternatively, it is possible to grant the SHOW METADATA permission, which grants a user broad access to metadata about all database objects, without requiring read or write permissions to those database objects. A few of the information schema views require an additional permission to access in full. For example, accessing MV_QUERIES requires the PROCESS permission. Accessing the pipelines views requires the INSERT permission. For more information, see the Permissions Matrix. Remember that SHOW METADATA must be set at the cluster level.

For example, use:

GRANT SHOW METADATA ON *.* to testuser;

instead of:

GRANT SHOW METADATA ON information_schema.processlist to testuser;
ERROR 1044 ER_DBACCESS_DENIED_ERROR: Access denied for user 'admin'@'%' to database 'information_schema'

Because information schema views are simply views into the internal data structure which holds the information being surfaced in a given view, most information schema views do not have an impact on memory. For the same reason, the best way to secure this data is by managing user access.

To access the information_schema, users can either SELECT data from specific view(s) with a SQL query, or use one of the SHOW Commands which will surface a subset of data from the information_schema depending on the command. The same permissions apply to any information schema data whether it is being accessed via a query or a SHOW command.

Last modified: November 17, 2022

Was this article helpful?

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK