In CockroachDB, privileges are granted to roles and users at the database and table levels. They are not yet supported for other granularities such as columns or rows.
When a user connects to a database, either via the built-in SQL client or a client driver, CockroachDB checks the user and role's privileges for each statement executed. If the user does not have sufficient privileges for a statement, CockroachDB gives an error.
For the privileges required by specific statements, see the documentation for the respective SQL statement.
Supported Privileges
For a full list of supported privileges, see the GRANT
documentation.
Granting Privileges
To grant privileges to a role or user, use the GRANT
statement, for example:
> GRANT SELECT, INSERT ON bank.accounts TO maxroach;
Showing Privileges
To show privileges granted to roles or users, use the SHOW GRANTS
statement, for example:
> SHOW GRANTS ON DATABASE bank FOR maxroach;
Revoking Privileges
To revoke privileges from roles or users, use the REVOKE
statement, for example:
> REVOKE INSERT ON bank.accounts FROM maxroach;