GRANTS

Provides information about privileges granted on various objects, the granting user, and grantee user. The order of columns in the table corresponds to the order in which they appear in the GRANT command. The GRANTS table does not retain the role grantor.

Column Name Datan Type Description
GRANTEE VARCHAR The user being granted permission.
GRANTEE_ID INTEGER

A unique numeric ID assigned by the Vertica catalog that identifies the user granted permissions.
GRANT_ID

INTEGER

 A unique numeric ID assigned by the Vertica catalog that identifies the
GRANTOR

VARCHAR

The user granting the permission.
GRANTOR_ID

INTEGER

A unique numeric ID assigned by the Vertica catalog that identifies the user who performed the grant operation.
OBJECT_ID

INTEGER

A unique numeric ID assigned by the Vertica catalog that identifies the object granted.
OBJECT_NAME

VARCHAR

The name of the object that is being granted privileges. Note that for schema privileges, the schemaname appears in the OBJECT_NAME column instead of the OBJECT_SCHEMA column.

OBJECT_SCHEMA

VARCHAR

The name of the schema that is being granted privileges.
OBJECT_TYPE

VARCHAR

The object type on which the grant was applied; for example, ROLE, SCHEMA, DATABASE, RESOURCEPOOL. Output from this column is useful in cases where a schema, resource pool, or user share the same name.
PRIVILEGES_DESCRIPTION

VARCHAR

 A readable description of the privileges being granted; for example INSERT, SELECT. An asterisk in PRIVILEGES_DESCRIPTION output indicates a privilege WITH GRANT OPTION.

Notes

The vsql commands \dp and \z both include the schema name in the output. For example: 

=> \dp
         Access privileges for database "vmartdb"
 Grantee | Grantor | Privileges | Schema |      Name
---------+---------+------------+--------+-----------------
         | dbadmin | USAGE      |        | public
         | dbadmin | USAGE      |        | v_internal
         | dbadmin | USAGE      |        | v_catalog
         | dbadmin | USAGE      |        | v_monitor
         | dbadmin | USAGE      |        | v_internal
         | dbadmin | USAGE      |        | v_catalog
         | dbadmin | USAGE      |        | v_monitor
         | dbadmin | USAGE      |        | v_internal
         | dbadmin | USAGE      |        | designer_system
(9 rows)

The vsql command \dp *.tablename displays table names in all schemas. This command lets you distinguish grants for same-named tables in different schemas:

=> \dp *.events
                     Access privileges for database "dbadmin"
 Grantee | Grantor |                 Privileges                 | Schema  | Name
---------+---------+--------------------------------------------+---------+--------
 user2   | dbadmin | INSERT, SELECT, UPDATE, DELETE, REFERENCES | schema1 | events
 user1   | dbadmin | SELECT                                     | schema1 | events
 user2   | dbadmin | INSERT, SELECT, UPDATE, DELETE, REFERENCES | schema2 | events
 user1   | dbadmin | INSERT, SELECT                             | schema2 | events
(4 rows)

The vsql command \dp schemaname.* displays all tables in the named schema:

=> \dp schema1.*
                     Access privileges for database "dbadmin"
 Grantee | Grantor |            Privileges                      | Schema       | Name  
---------+---------+--------------------------------------------+--------------+------------
 user2   | dbadmin | INSERT, SELECT, UPDATE, DELETE, REFERENCES | schema1      | events
 user1   | dbadmin | SELECT                                     | schema1      | events
(2 rows)

Examples

This example shows CREATE and USAGE privileges granted to Bob in the fictitious apps database:

=> SELECT grantor, privileges_description, object_schema, object_name, grantee
   FROM grants;
 grantor | privileges_description | object_schema | object_name | grantee
---------+------------------------+---------------+-------------+---------
 dbadmin | USAGE                  |               | general     | Bob
 dbadmin | CREATE                 |               | schema2     | Bob
(2 rows)

This next query looks for privileges granted to a particular set of grantees. The asterisk in privileges_description column for User1 means that user has WITH GRANT OPTION privileges.

 => SELECT grantor, privileges_description, object_schema, object_name, grantee
   FROM grants WHERE grantee ILIKE 'User%';
 grantor |   privileges_description  | object_schema | object_name | grantee
---------+---------------------------+---------------+-------------+--------- 
 release | USAGE                     |               | general     | User1
 release | USAGE                     |               | general     | User2
 release | USAGE                     |               | general     | User3
 release | USAGE                     |               | s1          | User1 
 release | USAGE                     |               | s1          | User2 
 release | USAGE                     |               | s1          | User3
 User1   | INSERT*, SELECT*, UPDATE* | s1            | t1          | User1
(7 rows)

In the following example, online_sales is the schema that first gets privileges, and then inside that schema the anchor table gets SELECT privileges:

=> SELECT grantee, grantor, privileges_description, object_schema, object_name
   FROM grants WHERE grantee='u1' ORDER BY object_name;

 grantee | grantor | privileges_description | object_schema | object_name
---------+---------+------------------------+-------- ------+------------------
 u1      | dbadmin | CREATE                 |               | online_sales
 u1      | dbadmin | SELECT                 | online_sales  | online_sales_fact

The following statement shows all grants for user Bob:

-> SELECT * FROM GRANTS WHERE grantee = 'Bob';
-[ RECORD 1 ]----------+--------------------
grant_id               | 45035996273749244
grantor_id             | 45035996273704962
grantor                | dbadmin
privileges_description | USAGE
object_schema          |
object_name            | general
object_id              | 45035996273718666
object_type            | RESOURCEPOOL
grantee_id             | 45035996273749242
grantee                | Bob
-[ RECORD 2 ]----------+--------------------
grant_id               | 45035996273749598
grantor_id             | 45035996273704962
grantor                | dbadmin
privileges_description |
object_schema          |
object_name            | dbadmin
object_id              | 45035996273704968
object_type            | ROLE
grantee_id             | 45035996273749242
grantee                | Bob
-[ RECORD 3 ]----------+--------------------
grant_id               | 45035996273749716
grantor_id             | 45035996273704962
grantor                | dbadmin
privileges_description |
object_schema          |
object_name            | dbadmin
object_id              | 45035996273704968
object_type            | ROLE
grantee_id             | 45035996273749242
grantee                | Bob
-[ RECORD 4 ]----------+--------------------
grant_id               | 45035996273755986
grantor_id             | 45035996273704962
grantor                | dbadmin
privileges_description |
object_schema          |
object_name            | pseudosuperuser
object_id              | 45035996273704970
object_type            | ROLE
grantee_id             | 45035996273749242
grantee                | Bob
-[ RECORD 5 ]----------+--------------------
grant_id               | 45035996273756986
grantor_id             | 45035996273704962
grantor                | dbadmin
privileges_description | CREATE, CREATE TEMP
object_schema          |
object_name            | mcdb
object_id              | 45035996273704974
object_type            | DATABASE
grantee_id             | 45035996273749242
grantee                | Bob
-[ RECORD 5 ]----------+--------------------
...

See Also