| title | GRANT <privileges> | TiDB SQL Statement Reference | |
|---|---|---|
| summary | An overview of the usage of GRANT <privileges> for the TiDB database. | |
| category | reference | |
| aliases |
|
This statement allocates privileges to a pre-existing user in TiDB. The privilege system in TiDB follows MySQL, where credentials are assigned based on a database/table pattern.
GrantStmt:
PrivElemList:
PrivElem:
PrivType:
ObjectType:
PrivLevel:
UserSpecList:
mysql> CREATE USER newuser IDENTIFIED BY 'mypassword';
Query OK, 1 row affected (0.02 sec)
mysql> GRANT ALL ON test.* TO 'newuser';
Query OK, 0 rows affected (0.03 sec)
mysql> SHOW GRANTS FOR 'newuser';
+-------------------------------------------------+
| Grants for newuser@% |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO 'newuser'@'%' |
| GRANT ALL PRIVILEGES ON test.* TO 'newuser'@'%' |
+-------------------------------------------------+
2 rows in set (0.00 sec)- Similar to MySQL, the
USAGEprivilege denotes the ability to log into a TiDB server. - Column level privileges are not currently supported.
- Similar to MySQL, when the
NO_AUTO_CREATE_USERsql mode is not present, theGRANTstatement will automatically create a new user with an empty password when a user does not exist. Removing this sql-mode (it is enabled by default) presents a security risk.