Permission types
This topic describes the permission types of seekdb.
Privilege levels
The privileges of seekdb are divided into three levels:
- Global privileges: These privileges affect the entire seekdb system, such as modifying system settings and accessing all tables.
- Database privileges: These privileges affect all objects in a specific database, such as creating and deleting tables in the database and accessing tables.
- Object privileges: These privileges affect specific objects, such as accessing a specific table, view, or index.
The following table lists the privileges in seekdb.
| Privilege Category | Privilege | Description |
|---|---|---|
| Object Privileges | CREATE | Indicates whether the user can execute the CREATE TABLE statement. |
| Object Privileges | SELECT | Indicates whether the user can query data from all columns or specified columns of a table. |
| Object Privileges | INSERT | Indicates whether the user can insert data into all columns or specified columns of a table. |
| Object Privileges | UPDATE | Indicates whether the user can update data in all columns or specified columns of a table. |
| Object Privileges | DELETE | Indicates whether the user can delete existing data. |
| Object Privileges | DROP | Indicates whether the user can execute the DROP TABLE and DROP VIEW statements. |
| Object Privileges | INDEX | Indicates whether the user can create and drop table indexes. |
| Object Privileges | ALTER | Indicates whether the user can execute the RENAME TABLE and ALTER TABLE statements. |
| Object Privileges | CREATE VIEW | Indicates whether the user can create a view. |
| Object Privileges | SHOW VIEW | Indicates whether the user can view a view or understand how it executes. |
| Object Privileges | REFERENCES | Indicates whether the user can create foreign keys. When creating a foreign key for a table, the user must have the REFERENCES privilege on the parent table. |
| Object Privileges | TRIGGER | Indicates whether the user can activate trigger operations. The user must have this privilege when creating, viewing, or dropping a trigger. |
| Database Privileges | SELECT | Indicates whether the user can query data from a table. |
| Database Privileges | INSERT | Indicates whether the user can insert rows into a table. |
| Database Privileges | UPDATE | Indicates whether the user can modify existing data. |
| Database Privileges | DELETE | Indicates whether the user can delete existing data. |
| Database Privileges | CREATE | Indicates whether the user can execute the CREATE DATABASE, CREATE TABLE, CREATE SEQUENCE, and CREATE OUTLINE statements. |
| Database Privileges | DROP | Indicates whether the user can execute the DROP DATABASE, DROP TABLE, DROP VIEW, DROP SEQUENCE, and DROP OUTLINE statements. |
| Database Privileges | INDEX | Indicates whether the user can create and drop table indexes. |
| Database Privileges | ALTER | Indicates whether the user can execute the ALTER DATABASE, RENAME TABLE, ALTER TABLE, ALTER SEQUENCE, and ALTER OUTLINE statements. |
| Database Privileges | CREATE VIEW | Indicates whether the user can create a view. |
| Database Privileges | SHOW VIEW | Indicates whether the user can view a view or understand how it executes. |
| Database Privileges | CREATE ROUTINE | Indicates whether the user can create procedures and functions. |
| Database Privileges | ALTER ROUTINE | Indicates whether the user can modify or drop procedures and functions. |
| Database Privileges | EXECUTE | Indicates whether the user can execute procedures and functions. |
| Database Privileges | REFERENCES | Indicates whether the user can create foreign keys. |
| Database Privileges | TRIGGER | Indicates whether the user can activate trigger operations. The user must have this privilege when creating, viewing, or dropping a trigger. |
| Global Privileges | CREATE | Indicates whether the user can execute the CREATE DATABASE, CREATE TABLE, CREATE SEQUENCE, and CREATE OUTLINE statements. |
| Global Privileges | ALTER | Indicates whether the user can execute the ALTER DATABASE, RENAME TABLE, ALTER TABLE, ALTER SEQUENCE, and ALTER OUTLINE statements. |
| Global Privileges | SELECT | Indicates whether the user can query data from a table. |
| Global Privilege | INSERT | Specifies whether a user can insert rows into a table. |
| Global Privilege | UPDATE | Specifies whether a user can modify existing data. |
| Global Privilege | DELETE | Specifies whether a user can delete existing data. |
| Global Privilege | DROP | Specifies whether a user can execute the DROP DATABASE, DROP TABLE, DROP VIEW, DROP SEQUENCE, DROP OUTLINE statements. |
| Global Privilege | INDEX | Specifies whether a user can create and drop table indexes. |
| Global Privilege | CREATE VIEW | Specifies whether a user can create views. |
| Global Privilege | SHOW VIEW | Specifies whether a user can view views or understand how views execute. |
| Global Privilege | REFERENCES | Specifies whether a user can create foreign keys. |
| Global Privilege | ALTER SYSTEM | Grants the privilege to execute the ALTER SYSTEM command. |
| Global Privilege | CREATE DATABASE LINK | Grants the privilege to create database links. |
| Global Privilege | DROP DATABASE LINK | Grants the privilege to drop database links. |
| Global Privilege | CREATE USER | Specifies whether a user can execute the CREATE USER, ALTER USER, DROP USER, CREATE ROLE, DROP ROLE statements. |
| Global Privilege | CREATE ROUTINE | Specifies whether a user can create procedures and functions. |
| Global Privilege | ALTER ROUTINE | Specifies whether a user can modify or drop procedures and functions. |
| Global Privilege | CREATE ROLE | Specifies whether a user can execute the CREATE ROLE statement. |
| Global Privilege | DROP ROLE | Specifies whether a user can execute the DROP ROLE statement. |
| Global Privilege | EXECUTE | Specifies whether a user can execute procedures and functions. |
| Global Privilege | PROCESS | Specifies whether a user can view other users' processes by using the SHOW PROCESSLIST command. |
| Global Privilege | TRIGGER | Specifies whether a user can activate trigger operations. When creating, viewing, or dropping a trigger, this privilege is required. |
| Global Privilege | SHOW DB | Specifies whether a user can view the names of all databases on the server, including those to which the user has sufficient access privileges. |
| Global Privilege | SHUTDOWN | Specifies whether a user can execute the mysqladmin shutdown command.You can grant or revoke this privilege by using the GRANT and REVOKE statements. However, after you grant this privilege, it will not take effect. |
| Global Privilege | RELOAD | Specifies whether a user can execute flush operations. You can grant or revoke this privilege by using the GRANT and REVOKE statements. However, after you grant this privilege, it will not take effect. |
| Global Privilege | FILE | Specifies whether a user can execute the SELECT INTO OUTFILE and LOAD DATA INFILE commands. |
| Global Privilege | SUPER | Specifies whether a user can execute some powerful management features, such as deleting user processes by using the KILL command, modifying global MySQL variables by using the SET GLOBAL command, and executing various commands related to replication and logs. |
| Global Privilege | GRANT OPTION | Grants a user the right to grant the privileges they own to other users, usually in conjunction with other privileges such as SELECT, INSERT, and UPDATE. |
| Global Privilege | ALL PRIVILEGES | Indicates that a user has all available privileges in the database, except for GRANT OPTION, ENCRYPT, and DECRYPT. |
| Global Privilege | PROXY | Grants a user the right to connect and operate on behalf of another user. For example, it allows user A to grant user B the right to connect and operate as user A without sharing the password. This is useful in scenarios where an application needs to use accounts with different privilege levels or implement user privilege delegation. |
| Data Catalog Privilege | CREATE CATALOG | Specifies whether a user can execute the CREATE EXTERNAL CATALOG and DROP CATALOG statements. |
| Data Catalog Privilege | USE CATALOG | Specifies whether a user can execute the SET CATALOG, SHOW CATALOGS, SHOW CREATE CATALOG, and SELECT FROM CATALOG statements. |