SQL Command Permissions Summary

The following table identifies the permissions required for common SQL commands.

Notes:

  • A <db-name>/*/* policy with connect permission is assumed for all SQL operations in the table.
  • A && in the SQL Command column identifies a super-user operation.
  • A ## in the Resource column signifies that additional policies may be required to provide access to resources used within the operation(s).
SQL CommandPermissionResource
\dusage-schema<db-name>/public/
ANALYZE <table-name>usage-schema<db-name>/<schema-name>/
select<db-name>/<schema-name>/<table-name>
ALTER AGGREGATE … RENAME TOusage-schema, create<db-name>/<schema-name>/
ALTER SEQUENCEusage-schema<db-name>/<schema-name>/
ALTER TABLE … RENAMEusage-schema<db-name>/<schema-name>/
ALTER TABLE

<table-name>

SET DISTRIBUTED BY

usage-schema, create<db-name>/<schema-name>/
select<db-name>/<schema-name>/<table-name>
BEGIN … COMMITusage-schema<db-name>/<schema-name>/
##
\c, CONNECT <db-name>connect<db-name>//
COPY <table-name> FROM &&usage-schema<db-name>/<schema-name>/
insert, select<db-name>/<schema-name>/<table-name>
COPY <table-name> TO &&usage-schema<db-name>/<schema-name>/
select<db-name>/<schema-name>/<table-name>
CREATE AGGREGATEusage-schema, create<db-name>/<schema-name>/
execute<db-name>/<schema-name>/<sfunc-name>
CREATE EXTERNAL TABLEusage-schema, create<db-name>/<schema-name>/
select<protocol-name>
CREATE FUNCTION

<func-name>

(trusted <language-name>)

usage-schema, create<db-name>/<schema-name>/
usage<db-name>/<language-name>
execute<db-name>/<schema-name>/<func-name>
##
CREATE FUNCTION

<func-name>

(untrusted <language-name>) &&

usage-schema, create<db-name>/<schema-name>/
##
CREATE LANGUAGE &&usage<db-name>/c
CREATE OPERATOR

CREATE OPERATOR CLASS &&

CREATE SEQUENCE

CREATE TABLE

CREATE TYPE

CREATE VIEW

usage-schema, create<db-name>/<schema-name>/
CREATE SCHEMAcreate-schema<db-name>//
CREATE TABLE

(<private-schema>)

create<db-name>/<private-schema>/
CREATE TABLE … ASusage-schema, create<db-name>/<schema-name>/
select<db-name>/<schema-name>/<table-name>
CREATE TABLE …

TABLESPACE

<tablespace-name>

usage-schema, create<db-name>/<schema-name>/
create<tablespace-name>
CREATE TEMP SEQUENCE

CREATE TEMP TABLE

temp<db-name>//
CREATE WRITABLE EXTERNAL TABLEusage-schema, create<db-name>/<schema-name>/
insert<protocol-name>
DROP AGGREGATE

DROP FUNCTION

DROP OPERATOR

DROP OPERATOR CLASS &&

DROP SCHEMA

DROP TABLE

DROP VIEW

usage-schema<db-name>/<schema-name>/
EXECUTEusage-schema<db-name>/<schema-name>/
##
EXPLAINusage-schema<db-name>/<schema-name>/
##
INSERT INTO

<table-name>

usage-schema<db-name>/<schema-name>/
insert<db-name>/<schema-name>/<table-name>
PREPAREusage-schema<db-name>/<schema-name>/
SELECT <agg-name>usage-schema<db-name>/<schema-name>/
execute<db-name>/<schema-name>/<agg-name>
execute<db-name>/<schema-name>/<sfunc-name>
##
SELECT <func-name>usage-schema<db-name>/<schema-name>/
execute<db-name>/<schema-name>/<func-name>
SELECT (using operator)execute<db-name>/<schema-name>/<op-func>
##
SELECT…FROM

<table-name>

usage-schema<db-name>/<schema-name>/
select<db-name>/<schema-name>/<table-name>
SELECT…INTO…FROM <table-name>usage-schema, create<db-name>/<schema-name>/
select<db-name>/<schema-name>/<table-name>
SELECT…FROM

<view-name>

usage-schema<db-name>/<schema-name>/
select<db-name>/<schema-name>/<view-name>
TRUNCATEusage-schema<db-name>/<schema-name>/
VACUUMusage-schema<db-name>/<schema-name>/
VACUUM ANALYZE

<table-name>

usage-schema<db-name>/<schema-name>/*
select<db-name>/<schema-name>/<table-name>