Granting Privileges

As described in Granting and Revoking Privileges, specific users grant privileges using the GRANT statement with or without the optional WITH GRANT OPTION, which allows the user to grant the same privileges to other users.

  • A superuser can grant privileges on all object types to other users.
  • A superuser or object owner can grant privileges to roles. Users who have been granted the role then gain the privilege.
  • An object owner can grant privileges on the object to other users using the optional WITH GRANT OPTION clause.
  • The user needs to have USAGE privilege on schema and appropriate privileges on the object.

When a user grants an explicit list of privileges, such as GRANT INSERT, DELETE, REFERENCES ON applog TO Bob:

  • The GRANT statement succeeds only if all the roles are granted successfully. If any grant operation fails, the entire statement rolls back.
  • Vertica will return ERROR if the user does not have grant options for the privileges listed.

When a user grants ALL privileges, such as GRANT ALL ON applog TO Bob, the statement always succeeds. Vertica grants all the privileges on which the grantor has the WITH GRANT OPTION and skips those privileges without the optional WITH GRANT OPTION.

For example, if the user Bob has delete privileges with the optional grant option on the applog table, only DELETE privileges are granted to Bob, and the statement succeeds:

=> GRANT DELETE ON applog TO Bob WITH GRANT OPTION;GRANT PRIVILEGE

For details, see the GRANT Statements in the SQL Reference Manual.