25-grant.md 2.4 KB
Newer Older
1
---
2 3 4
sidebar_label: Access Control
title: User and Access Control
description: Manage user and user's permission
5 6
---

7
This document describes how to manage permissions in TDengine.
8

9
## Create a User
10 11

```sql
12
CREATE USER use_name PASS 'password';
13 14
```

15
This statement creates a user account.
16

17
The maximum length of use_name is 23 bytes.
18

19
The maximum length of password is 128 bytes. The password can include leters, digits, and special characters excluding single quotation marks, double quotation marks, backticks, backslashes, and spaces. The password cannot be empty.
20

21
## Delete a User
22 23 24 25 26

```sql
DROP USER user_name;
```

27
## Modify User Information
28 29 30 31 32 33 34 35 36 37 38

```sql
ALTER USER user_name alter_user_clause
 
alter_user_clause: {
    PASS 'literal'
  | ENABLE value
  | SYSINFO value
}
```

39 40 41
- PASS: Modify the user password.
- ENABLE: Specify whether the user is enabled or disabled. 1 indicates enabled and 0 indicates disabled.
- SYSINFO: Specify whether the user can query system information. 1 indicates that the user can query system information and 0 indicates that the user cannot query system information.
42 43


44
## Grant Permissions
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64

```sql
GRANT privileges ON priv_level TO user_name
 
privileges : {
    ALL
  | priv_type [, priv_type] ...
}
 
priv_type : {
    READ
  | WRITE
}
 
priv_level : {
    dbname.*
  | *.*
}
```

65
Grant permissions to a user.
66

67
Permissions are granted on the database level. You can grant read or write permissions.
68

69
TDengine has superusers and standard users. The default superuser name is root. This account has all permissions. You can use the superuser account to create standard users. With no permissions, standard users can create databases and have permissions on the databases that they create. These include deleting, modifying, querying, and writing to their own databases. Superusers can grant users permission to read and write other databases. However, standard users cannot delete or modify databases created by other users.
70

71
For non-database objects such as users, dnodes, and user-defined functions, standard users have read permissions only, generally by means of the SHOW statement. Standard users cannot create or modify these objects.
72

73
## Revoke Permissions
74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94

```sql
REVOKE privileges ON priv_level FROM user_name
 
privileges : {
    ALL
  | priv_type [, priv_type] ...
}
 
priv_type : {
    READ
  | WRITE
}
 
priv_level : {
    dbname.*
  | *.*
}

```

95
Revoke permissions from a user.