Grant
Important
This documentation has been retired and might not be updated. The products, services, or technologies mentioned in this content are no longer supported. See GRANT.
GRANT
privilege_type [, privilege_type ] ...
ON (CATALOG | DATABASE <database-name> | TABLE <table-name> | VIEW <view-name> | FUNCTION <function-name> | ANONYMOUS FUNCTION | ANY FILE)
TO principal
privilege_type
: SELECT | CREATE | MODIFY | READ_METADATA | CREATE_NAMED_FUNCTION | ALL PRIVILEGES
principal
: `<user>@<domain-name>` | <group-name>
Grant a privilege on an object to a user or principal. Granting a privilege on a database
(for example a SELECT
privilege) has the effect of implicitly granting that privilege on all
objects in that database. Granting a specific privilege on the catalog has the effect of implicitly
granting that privilege on all databases in the catalog.
To grant a privilege to all users, specify the keyword users
after TO
.
Examples
GRANT SELECT ON DATABASE <database-name> TO `<user>@<domain-name>`
GRANT SELECT ON ANONYMOUS FUNCTION TO `<user>@<domain-name>`
GRANT SELECT ON ANY FILE TO `<user>@<domain-name>`
View-based access control
You can configure fine-grained access control (to rows and columns matching specific conditions, for example) by granting access to derived views that contain arbitrary queries.
Examples
CREATE OR REPLACE VIEW <view-name> AS SELECT columnA, columnB FROM <table-name> WHERE columnC > 1000;
GRANT SELECT ON VIEW <view-name> TO `<user>@<domain-name>`;
For details on required table ownership, see Hive metastore privileges and securable objects (legacy).