SHOW GRANTS
SHOW GRANTS 显示已授予用户或角色的所有权限。
有关角色和权限的更多信息,请参见权限概述。
提示
所有角色和用户都可以查看授予他们的权限或分配给他们的角色。 只有具有user_admin角色的用户才能查看指定用户或角色的权限。
语法
SHOW GRANTS; -- View the privileges of the current user.
SHOW GRANTS FOR ROLE <role_name>; -- View the privileges of a specific role.
SHOW GRANTS FOR <user_identity>; -- View the privileges of a specific user.
参数
- role_name
- user_identity
返回字段
-- View the privileges of a specific user.
+--------------+--------+---------------------------------------------+
|UserIdentity |Catalog | Grants |
+--------------+--------+---------------------------------------------+
-- View the privileges of a specific role.
+-------------+--------+-------------------------------------------------------+
|RoleName |Catalog | Grants |
+-------------+-----------------+----------------------------------------------+
| 字段 | 描述 |
|---|---|
| UserIdentity | 用户身份,在查询用户的权限时显示。 |
| RoleName | 角色名称,在查询角色的权限时显示。 |
| Catalog | Catalog 名称。 如果在 StarRocks 内部目录上执行 GRANT 操作,则返回 default。如果在外部目录上执行 GRANT 操作,则返回外部目录的名称。 如果 Grants 列中显示的操作是分配角色,则返回 NULL。 |
| Grants | 具体的 GRANT 操作。 |
示例
mysql> SHOW GRANTS;
+--------------+---------+----------------------------------------+
| UserIdentity | Catalog | Grants |
+--------------+---------+----------------------------------------+
| 'root'@'%' | NULL | GRANT 'root', 'testrole' TO 'root'@'%' |
+--------------+---------+----------------------------------------+
mysql> SHOW GRANTS FOR 'user_g'@'%';
+-------------+-------------+-----------------------------------------------------------------------------------------------+
|UserIdentity |Catalog |Grants |
+-------------+-------------------------------------------------------------------------------------------------------------+
|'user_g'@'%' |NULL |GRANT role_g, public to `user_g`@`%`; |
|'user_g'@'%' |NULL |GRANT IMPERSONATE ON USER `user_a`@`%` TO USER `user_g`@`%`; |
|'user_g'@'%' |default |GRANT CREATE_DATABASE ON CATALOG default_catalog TO USER `user_g`@`%`; |
|'user_g'@'%' |default |GRANT ALTER, DROP, CREATE_TABLE ON DATABASE db1 TO USER `user_g`@`%`; |
|'user_g'@'%' |default |GRANT CREATE_VIEW ON DATABASE db1 TO USER `user_g`@`%` WITH GRANT OPTION; |
|'user_g'@'%' |default |GRANT ALTER, DROP, SELECT, INGEST, EXPORT, DELETE, UPDATE ON TABLE db.* TO USER `user_g`@`%`; |
|'user_g'@'%' |default |GRANT ALTER, DROP, SELECT ON VIEW db2.view TO USER `user_g`@`%`; |
|'user_g'@'%' |Hive_catalog |GRANT USAGE ON CATALOG Hive_catalog TO USER `user_g`@`%` |
+-------------+--------------+-----------------------------------------------------------------------------------------------+
mysql> SHOW GRANTS FOR ROLE role_g;
+-------------+--------+-------------------------------------------------------+
|RoleName |Catalog | Grants |
+-------------+-----------------+----------------------------------------------+
|role_g |NULL | GRANT role_p, role_test TO ROLE role_g; |
|role_g |default | GRANT SELECT ON *.* TO ROLE role_g WITH GRANT OPTION; |
+-------------+--------+--------------------------------------------------------+