GridGain Developers Hub

Access Control Functions

This section walks you through the access control functions supported by GridGain 9.0.

CREATE USER

Creates a new user. You must specify the user's password. Newly created users do not have any permissions. To grant permissions, assign the user a role by using the GRANT command, and make sure the role has the correct privileges.

CREATE USER [IF NOT EXISTS] user_name IDENTIFIED WITH auth_type BY pass

Parameters:

  • user_name - the name of the user.

  • auth_type - type of authentication for the user. Currently, only plain_password is available.

  • pass - user password.

Examples:

CREATE USER IF NOT EXISTS user1 IDENTIFIED WITH plain_password BY 'user1pass';
CREATE USER user2 IDENTIFIED WITH plain_password BY 'user2pass';

SHOW USER

Shows user information, including granted roles and authentication type.

SHOW USER user_name

Parameters:

  • user_name - the name of the user.

Examples:

SHOW USER user1;

SHOW USERS

Lists all users created on the cluster.

SHOW USERS

Examples:

SHOW USERS;

DROP USER

Deletes the specified user.

DROP USER [IF EXISTS] user_name

Parameters:

  • user_name - the name of the user.

Examples:

DROP USER user1;
DROP USER IF EXISTS user1;

CREATE ROLE

Creates a new role. For the role to have any permissions, use the GRANT command to assign them.

CREATE ROLE [IF NOT EXISTS] role_name

Parameters:

  • role_name - the name of the role.

Examples:

CREATE ROLE IF NOT EXISTS role1;
CREATE ROLE role2;

SHOW ROLE

Shows the role and permissions assigned to it.

SHOW ROLE role_name

Parameters:

  • role_name - the name of the role.

Examples:

SHOW ROLE role1;

SHOW ROLES

Lists all roles created on the cluster.

SHOW ROLES

Examples:

SHOW ROLES;

DROP ROLE

Deletes the specified role.

DROP ROLE [IF EXISTS] role_name

Parameters:

  • role_name - the name of the role.

Examples:

DROP ROLE role1;

GRANT

Assigns privileges to roles.

GRANT TO role

GRANT PRIVILEGES privileges TO role_names

Parameters:

  • privileges - the names of the privileges to grant to a role.

  • role_names - the names of the roles to grant the privileges to.

Examples:

GRANT PRIVILEGES CREATE_TABLE, SELECT_FROM_TABLE TO role1, role2;
GRANT PRIVILEGES INSERT_INTO_TABLE ON "PUBLIC.MY_TABLE" TO role1;
GRANT PRIVILEGES ALL TO role2;

GRANT TO user

Assigns roles to users.

GRANT role_names TO user_names

Parameters:

  • role_names - the names of the roles to be assigned to users.

  • user_names - the names of the users to grant the roles to.

Examples:

GRANT role1 TO user1;

REVOKE

REVOKE FROM role

Revokes privileges from roles.

REVOKE PRIVILEGES privileges FROM role_names

Parameters:

  • privileges - the names of the privileges to be revoked.

  • role_names - the names of the roles to revoke the privileges from.

Examples:

Revokes the CREATE_TABLE role from

REVOKE PRIVILEGES CREATE_TABLE FROM role1;

REVOKE FROM user

Revokes roles from users.

REVOKE role_names FROM user_names

Parameters:

  • role_names - the names of the roles to revoke.

  • user_names - the names of the users to revoke the roles from.

Examples:

REVOKE role1 FROM user1;

SHOW GRANTS

Lists all privileges granted to the specified user or role.

SHOW GRANTS FOR { user_name | role }

Parameters:

  • user_name - the name of the user.

  • role - the name of the role.

Examples:

SHOW GRANTS FOR user1;
SHOW GRANTS FOR role1;
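
The statements above combined into one least-privilege workflow, as an added example that is not part of the GridGain documentation. The role names, user names and password placeholders are constructed; the privilege names and the "PUBLIC.MY_TABLE" object are the ones shown on this page.

```sql
-- Added example. Names (report_reader, etl_writer, svc_report, svc_etl) are
-- constructed; replace the <...> password placeholders before running.

-- 1. Create roles first. A role carries no privileges until GRANT PRIVILEGES runs.
CREATE ROLE IF NOT EXISTS report_reader;
CREATE ROLE IF NOT EXISTS etl_writer;

-- 2. Scope each privilege to a single table with ON rather than granting ALL.
GRANT PRIVILEGES SELECT_FROM_TABLE ON "PUBLIC.MY_TABLE" TO report_reader;
GRANT PRIVILEGES SELECT_FROM_TABLE, INSERT_INTO_TABLE ON "PUBLIC.MY_TABLE" TO etl_writer;

-- 3. Create users. They have no permissions until a role is assigned.
CREATE USER IF NOT EXISTS svc_report IDENTIFIED WITH plain_password BY '<password-for-svc_report>';
CREATE USER IF NOT EXISTS svc_etl IDENTIFIED WITH plain_password BY '<password-for-svc_etl>';

-- 4. Bind each user to exactly the role it needs.
GRANT report_reader TO svc_report;
GRANT etl_writer TO svc_etl;

-- 5. Verify the effective result instead of assuming it.
SHOW USER svc_report;          -- granted roles and authentication type
SHOW GRANTS FOR svc_report;    -- expect only SELECT_FROM_TABLE on the one table
SHOW GRANTS FOR etl_writer;    -- expect SELECT_FROM_TABLE and INSERT_INTO_TABLE

-- 6. Tighten a role: remove write access from etl_writer, then re-check.
--    (ON is used here as allowed by the privileges grammar in the Grammar Reference.)
REVOKE PRIVILEGES INSERT_INTO_TABLE ON "PUBLIC.MY_TABLE" FROM etl_writer;
SHOW GRANTS FOR etl_writer;

-- 7. Offboard a user: detach the role, confirm, then drop the user.
REVOKE etl_writer FROM svc_etl;
SHOW GRANTS FOR svc_etl;
DROP USER IF EXISTS svc_etl;

-- 8. Remove roles that are no longer assigned, and review what remains.
DROP ROLE IF EXISTS etl_writer;
SHOW USERS;
SHOW ROLES;
```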

Grammar Reference

{ ALL | actions } [ON object_name]

Parameters:

  • actions - the names of the actions to grant or revoke.

  • object_name - the names of the objects the actions can be performed on.

name [, name]...

Parameters:

  • name - the name of an entity on the list.
