GRANT (Schema)

Grants schema privileges to users and roles. By default, only superusers and the schema owner have the following schema privileges:

  • Create objects within a schema
  • Alter and drop a schema

By default, new users cannot access schema PUBLIC. You must explicitly grant all new users USAGE privileges on the PUBLIC schema.

Syntax

GRANT { privilege[,…] | ALL [ PRIVILEGES ] [ EXTEND ] }
   ON SCHEMA [database.]schema[,…]
   TO grantee[,…] 
   [ WITH GRANT OPTION ]  

Parameters

privilege

One of the following privileges:

  • USAGE: Enables access to objects in the specified schemas. Grantees can then be granted privileges on individual objects in these schemas in order to access them, for example, with GRANT TABLE and GRANT VIEW.
  • CREATE: Create objects in the specified schemas.

You can also grant the following privileges on a schema, to be inherited by tables and their projections, and by views of that schema. If inheritance is enabled for the database and schema, these privileges are automatically granted to those objects on creation:

  • SELECT: Query tables and views. SELECT privileges are granted by default to the PUBLIC role.
  • INSERT: Insert rows, or and load data into tables with COPY.

    COPY FROM STDIN is allowed for users with INSERT privileges, while COPY FROM file requires admin privileges.

  • UPDATE: Update table rows.
  • DELETE: Delete table rows.
  • REFERENCES: Create foreign key constraints on this table. This privilege must be set on both referencing and referenced tables.
  • TRUNCATE: Truncate table contents. Non-owners of tables can also execute the following partition operations on them:
  • ALTER: Modify the DDL of tables and views with ALTER TABLE and ALTER VIEW, respectively.
  • DROP: Drop tables and views.
ALL [PRIVILEGES][EXTEND]

Grants USAGE AND CREATE privileges. Inherited privileges must be granted explicitly.

You can qualify ALL with two optional keywords:

  • PRIVILEGES conforms with the SQL standard.
  • EXTEND extends the semantics of ALL to include ALTER and DROP privileges. An unqualified ALL excludes these two privileges. This option enables backward compatibility with GRANT ALL usage in pre-9.2.1 Vertica releases.
[database.]schema

Specifies a target schema. If you specify a database, it must be the current database.

grantee

Specifies who is granted privileges, one of the following:

WITH GRANT OPTION

Gives grantee the privilege to grant the same privileges to other users or roles, and also revoke them. For details, see Granting Privileges in the Administrator's Guide.

Privileges

Non-superuser: USAGE on the schema and one of the following:

  • Owner
  • Privileges grantee given the option (WITH GRANT OPTION) of granting privileges to other users or roles.

Examples

Grant user Joe USAGE privilege on schema online_sales.

=> CREATE USER Joe;
CREATE USER
=> GRANT USAGE ON SCHEMA online_sales TO Joe;
GRANT PRIVILEGE

See Also