SQL - GRANT
Changes the permission of a role, granting it access to one or more resources. To remove access to a resource from the role, see the REVOKE
command.
Syntax
GRANT <permission> ON <resource> TO <role>
<permission>
Defines the permission you want to grant to the role.<resource>
Defines the resource on which you want to grant the permissions.<role>
Defines the role you want to grant the permissions.
Examples
Grant permission to update any record in the cluster
account
to the rolebackoffice
:- orientdb>
GRANT UPDATE ON database.cluster.account TO backoffice
- orientdb>
For more information, see
Supported Permissions
Using this command, you can grant the following permissions to a role.
Permission | Description |
---|---|
NONE |
Grants no permissions on the resource. |
CREATE |
Grants create permissions on the resource, such as the CREATE CLASS or CREATE CLUSTER commands. |
READ |
Grants read permissions on the resource, such as the SELECT query. |
UPDATE |
Grants update permissions on the resource, such as the UPDATE or UPDATE EDGE commands. |
DELETE |
Grants delete permissions on the resource, such as the DROP INDEX or DROP SEQUENCE commands. |
ALL |
Grants all permissions on the resource. |
Supported Resources
Using this command, you can grant permissions on the following resources.
Resource | Description |
---|---|
database |
Grants access on the current database. |
database.class.<class> |
Grants access on records contained in the indicated class. Use ** to indicate all classes. |
database.cluster.<cluster> |
Grants access to records contained in the indicated cluster. Use ** to indicate all clusters. |
database.query |
Grants the ability to execute a query, (READ is sufficient). |
database.command.<command> |
Grants the ability to execute the given command. Use CREATE for INSERT , READ for SELECT , UPDATE for UPDATE and DELETE for DELETE . |
database.config.<permission> |
Grants access to the configuration. Valid permissions are READ and UPDATE . |
database.hook.record |
Grants the ability to set hooks. |
server.admin |
Grants the ability to access server resources. |