Skip to main content
Version: V1.0.0

Manage AI model permissions

The AI MODEL permissions are used to manage AI models and include the CREATE AI MODEL, ALTER AI MODEL, and DROP AI MODEL permissions. This topic describes the AI MODEL permissions.

Relationship with AI function call permissions

The AI MODEL permissions are used to register and manage AI models and endpoints, while the ACCESS AI MODEL permissions are used to call AI functions in SQL. When registering and managing models and endpoints, you only need the AI MODEL permissions, not the ACCESS AI MODEL permissions. However, to successfully call an AI function in SQL, you need both the completed registration of the model and endpoint (which requires the AI MODEL permissions) and the ACCESS AI MODEL permissions. In other words: Registering a model and calling an AI function require different permissions, and in most practical scenarios, both are needed.

Syntax

The syntax for granting permissions is as follows:

-- Grant the CREATE AI MODEL permission
GRANT CREATE AI MODEL ON *.* TO 'username'@'host';

-- Grant the ALTER AI MODEL permission
GRANT ALTER AI MODEL ON *.* TO 'username'@'host';

-- Grant the DROP AI MODEL permission
GRANT DROP AI MODEL ON *.* TO 'username'@'host';

GRANT CREATE AI MODEL, ALTER AI MODEL, DROP AI MODEL ON *.* TO 'username'@'host';

The syntax for revoking permissions is as follows:

-- Revoke the CREATE AI MODEL permission
REVOKE CREATE AI MODEL ON *.* FROM 'username'@'host';

-- Revoke the ALTER AI MODEL permission
REVOKE ALTER AI MODEL ON *.* FROM 'username'@'host';

-- Revoke the DROP AI MODEL permission
REVOKE DROP AI MODEL ON *.* FROM 'username'@'host';

-- Check the permissions
SHOW GRANTS FOR 'username'@'host';

Examples

  1. Create a user

    CREATE USER test_ai_user@'%' IDENTIFIED BY '123456';

  2. Log in as the test_ai_user user

    mysql -h 127.0.0.1 -P 2881 -u test_ai_user -p *** -A -D test;

  3. Call the CREATE_AI_MODEL_ENDPOINT procedure

    CALL DBMS_AI_SERVICE.CREATE_AI_MODEL_ENDPOINT (
        ->   'user_ai_model_endpoint_1', '{
        '>     "ai_model_name": "my_model1",
        '>     "url": "https://https://api.deepseek.com",
        '>     "access_key": "sk-xxxxxxxxxxxx",
        '>     "request_model_name": "deepseek-chat",
        '>     "provider": "deepseek"
        '>   }');

    The operation fails because the CREATE AI MODEL permission is not granted.

    ERROR 42501: Access denied; you need (at least one of) the create ai model endpoint privilege(s) for this operation

  4. Grant the CREATE AI MODEL permission to the test_ai_user user

    GRANT CREATE AI MODEL ON *.* TO test_ai_user@'%';

  5. Verify the permissions

    CALL DBMS_AI_SERVICE.CREATE_AI_MODEL_ENDPOINT (
        ->   'user_ai_model_endpoint_1', '{
        '>     "ai_model_name": "my_model1",
        '>     "url": "https://https://api.deepseek.com",
        '>     "access_key": "sk-xxxxxxxxxxxx",
        '>     "request_model_name": "deepseek-caht",
        '>     "provider": "deepseek"
        '>   }');

    The operation succeeds.

References

Contents

Edit this page