Permissions Matrix
Permissions
The following table describes the permissions that can be granted to users and roles. The SELECT permission can be granted for all databases within a cluster, to a specific database within the cluster, or to a specific table in a database.
| Permission | Allowed Scopes in Default Mode | Notes |
|---|---|---|
| | Cluster | All permissions. |
| | Cluster | Connect, show variables. |
| | Cluster, Database, Table | Select rows. |
| | Cluster, Database, Table | Insert rows. |
| | Cluster, Database, Table | Update cells of existing rows. |
| | Cluster, Database, Table | Delete rows. |
| | Cluster, Database, Table | Create tables. |
| | Cluster, Database, Table | Drop tables. |
| | Cluster, Database | Load backups into database. |
| | Cluster | File write access. |
| | Cluster | View and kill queries. Required to query the Required to query |
| | Cluster | File read access. |
| | <tied to permissions> | |
| | Cluster, Database, Table | Create and drop indexes. |
| | Cluster, Database, Table | Alter tables (including indexes). |
| | Cluster | Show all metadata. |
| | Cluster | Set global variables, modify resource pool settings. |
| | Cluster | Allow users to set certain engine variables. Allow users to change the value of the |
| | Cluster, Database | Create temporary tables. |
| | Cluster, Database | Lock tables (read and write). |
| | Cluster, Database | Read data for replication. |
| | Cluster, Database | Create views. |
| | Cluster, Database, View | Alter views. |
| | Cluster, Database, Table | Drop views. |
| | Cluster, Database, View | Show |
| | Cluster | Cluster administration, including replication, partition movement, and topology. |
| | Cluster, Database | Take backups and snapshots. |
| | Cluster | Create and drop users (no grants). |
| | Cluster | Alter user profiles with |
| | Cluster, Database | Grant / revoke permissions, manage roles & groups. |
| | Cluster, Database | Drop databases. |
| | Cluster, Database | Create databases. |
| | Cluster, Database, Function | Create extensibility functions or procedures. |
| | Cluster, Database, Function | Replace or delete extensibility functions or procedures. |
| | Database | See stored procedure bodies in Information Schema/show commands. |
| | Cluster, Database, Function | Execute extensibility functions or procedures. |
| | Cluster, Database, Table | Create pipelines. |
| | Cluster, Database, Table | Drop pipelines. |
| | Cluster, Database, Table | Start pipelines. |
| | Cluster, Database, Table | Alter pipelines. |
| | Cluster, Database, Table | Show pipelines. |
| | Cluster, Database | Create link. |
| | Cluster, Database | Drop link. |
| | Cluster, Database | Show links. |
| | Cluster, Database | The |
| | Cluster | Create resource pool. |
| | Cluster | Drop resource pool. |
| | Cluster | Required to create or drop trace events Required to query |

Permission Lists
The following lists are referenced by the Command Permission Requirements section.
Show and create table permissions
SELECT, INSERT, UPDATE, DELETE, INDEX, CREATE, DROP, ALTER
Database and Table Permissions
CREATE TEMPORARY TABLE, LOCK TABLES, RELOAD, BACKUP, CREATE DATABASE, DROP DATABASE, SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE VIEW, SHOW VIEW, TRIGGER, ALTER VIEW, DROP VIEW, CREATE PIPELINE, START PIPELINE, ALTER PIPELINE, SHOW PIPELINE, DROP PIPELINE, EXECUTE, CREATE ROUTINE, ALTER ROUTINE
Command Permission Requirements
The following table describes the permissions required to run each command.
Some commands are allowed if you have any of a list of permissions - for example, the CREATE INDEX command is allowed if you have either the INDEX permission or the ALTER permission. Min. and any other permissions that enable the command are listed under Additional Permissions.
| Command | Min. | Additional Permissions, Notes |
|---|---|---|
| | CREATE, INSERT, UPDATE, DELETE, INDEX, DROP, or ALTER | Applies on a table-by-table basis. |
| | | Requires |
| | if Unlimited Storage. | |
| | | Requires |
| | | Requires |
| | | One or more of the show and create table permissions. |
| | <can | |
| | | Any user may kill their own connections. |
| | | With the |
| | <can | |
| | | For more information, see the Information Schema Introduction. |
| | | For more information, see the Information Schema Introduction. |
| | | For more information, see the Information Schema Introduction. |
| | | Allows the user to see the body of the Procedure/Routine without the permissions required to be able to edit it. |
| | | One or more of the show and create table permissions. |
| | | If the user only has The SHOW ROUTINE permission allows a user to view but not edit the bodies of procedures. |
| | | One or more of the show and create table permissions. |
| | | One or more of the database and table permissions or |
| | | The |
| | | With the |
| | | With the |
| | | One or more of the database and table permissions or |

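
The any-of rule and the cluster, database and table scopes described on this page, modelled as a small grant audit that reports which grant enables a command and at what scope. This is an added example, not code from the product or its documentation: the MySQL-style grant text, the sample user and grants, and the helper names are assumptions, and only the CREATE INDEX requirement is taken from the page.

```python
import re

# Assumption: grants are available as MySQL-style "GRANT ... ON scope TO user" text.
GRANT_RE = re.compile(r"GRANT\s+(?P<perms>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+", re.I)

# From the page: CREATE INDEX is allowed with either INDEX or ALTER.
COMMAND_ANY_OF = {"CREATE INDEX": {"INDEX", "ALTER"}}

# Constructed sample grants for one hypothetical user.
SAMPLE_GRANTS = [
    "GRANT SELECT ON *.* TO 'report'@'%'",
    "GRANT INDEX, SELECT ON `app`.`orders` TO 'report'@'%'",
    "GRANT ALTER ON `staging`.* TO 'report'@'%'",
]


def parse_grants(lines):
    """Return (permission, database, table) tuples; '*' means 'all'."""
    grants = []
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a GRANT statement
        db, _, tbl = m["scope"].replace("`", "").partition(".")
        for perm in m["perms"].split(","):
            grants.append((perm.strip().upper(), db, tbl or "*"))
    return grants


def scope_kind(db, tbl):
    """Name the scope of a grant: cluster (*.*), database (db.*) or table."""
    if db == "*":
        return "cluster"
    return "database" if tbl == "*" else "table"


def enabling_grants(grants, command, db, tbl):
    """Grants that allow `command` on db.tbl; an empty list means denied."""
    any_of = COMMAND_ANY_OF[command]
    return [
        (perm, scope_kind(g_db, g_tbl))
        for perm, g_db, g_tbl in grants
        if perm in any_of and g_db in ("*", db) and g_tbl in ("*", tbl)
    ]


if __name__ == "__main__":
    grants = parse_grants(SAMPLE_GRANTS)
    for target in [("app", "orders"), ("staging", "tmp"), ("app", "customers")]:
        print(target, enabling_grants(grants, "CREATE INDEX", *target))
```

Permissions inherited through roles or groups are not modelled here; a real audit would expand those before running the check.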
Last modified: September 12, 2024