SQL - GRANT

Changes the permission of a role, granting it access to one or more resources. To remove access to a resource from the role, see the REVOKE command.

Syntax

GRANT [ <permission> | POLICY <policyName> ] ON <resource> TO <role>
  • <permission> Defines the permission you want to grant to the role.
  • <policyName> Defines the name of a security policy.
  • <resource> Defines the resource on which you want to grant the permissions.
  • <role> Defines the role to which you want to grant the permissions.

Examples

  • Grant permission to update any record in the cluster account to the role backoffice:

    orientdb> GRANT UPDATE ON database.cluster.account TO backoffice
    
  • Bind a security policy called policy1 to Person class records, for the role backoffice:

    orientdb> GRANT POLICY policy1 ON database.class.Person TO backoffice
    

For more information, see

Supported Permissions

Using this command, you can grant the following permissions to a role.

Permission  Description
NONE        Grants no permissions on the resource.
CREATE      Grants create permissions on the resource, such as the CREATE CLASS or CREATE CLUSTER commands.
READ        Grants read permissions on the resource, such as the SELECT query.
UPDATE      Grants update permissions on the resource, such as the UPDATE or UPDATE EDGE commands.
DELETE      Grants delete permissions on the resource, such as the DROP INDEX or DROP SEQUENCE commands.
ALL         Grants all permissions on the resource.

Supported Resources

Using this command, you can grant permissions on the following resources.

Resource                           Description
database                           Grants access on the current database.
database.class.<class>             Grants access on records contained in the indicated class. Use ** to indicate all classes.
database.class.<class>.<property>  Grants access on a single property in the indicated class. Use ** to indicate all classes and/or all properties (this is intended only for security policies).
database.cluster.<cluster>         Grants access to records contained in the indicated cluster. Use ** to indicate all clusters.
database.query                     Grants the ability to execute a query (READ is sufficient).
database.command.<command>         Grants the ability to execute the given command. Use CREATE for INSERT, READ for SELECT, UPDATE for UPDATE and DELETE for DELETE.
database.config.<permission>       Grants access to the configuration. Valid permissions are READ and UPDATE.
database.hook.record               Grants the ability to set hooks.
server.admin                       Grants the ability to access server resources.

Policy assignment is supported for records only, so you can assign security policies to class and property resources.
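
A way to check a script of GRANT statements against the syntax, permissions and resource forms documented above before it is applied. This is an added example, not part of the OrientDB documentation or code base. The audit function, the sample script and the "broad grant" review rule (ALL, **, database, server.admin) are assumptions made for illustration.

```python
import re

# Permissions and resource forms copied from the tables on this page.
PERMISSIONS = {"NONE", "CREATE", "READ", "UPDATE", "DELETE", "ALL"}
RESOURCE_FORMS = [
    r"database", r"database\.query", r"database\.hook\.record", r"server\.admin",
    r"database\.class\.(\*\*|\w+)(\.(\*\*|\w+))?",
    r"database\.cluster\.(\*\*|\w+)",
    r"database\.command\.\w+", r"database\.config\.\w+",
]
GRANT_RE = re.compile(
    r"\s*GRANT\s+(?:POLICY\s+(?P<policy>\w+)|(?P<perm>\w+))"
    r"\s+ON\s+(?P<res>\S+)\s+TO\s+(?P<role>\w+)\s*;?\s*", re.IGNORECASE)

# Constructed sample script; the first two lines are the page's own examples.
SAMPLE = """\
GRANT UPDATE ON database.cluster.account TO backoffice
GRANT POLICY policy1 ON database.class.Person TO backoffice
GRANT ALL ON database.class.** TO backoffice
GRANT EXECUTE ON database.class.Person TO backoffice
GRANT POLICY policy1 ON database.cluster.account TO backoffice
GRANT READ ON database.clusters.account TO backoffice
GRANT READ database.query TO backoffice
"""

def audit(script):
    """Return (line_no, severity, message) findings for each GRANT line."""
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        if not line.strip().upper().startswith("GRANT"):
            continue  # only GRANT statements are checked
        m = GRANT_RE.fullmatch(line)
        if not m:
            findings.append((no, "error", "does not match GRANT syntax"))
            continue
        perm, res = m["perm"], m["res"]
        if not any(re.fullmatch(form, res) for form in RESOURCE_FORMS):
            findings.append((no, "error", f"unknown resource {res}"))
            continue
        if perm and perm.upper() not in PERMISSIONS:
            findings.append((no, "error", f"unknown permission {perm}"))
        # The page: policies apply to records only (class/property resources).
        if m["policy"] and not res.startswith("database.class."):
            findings.append((no, "error", "policy on non-record resource"))
        # Assumed review rule (not from the page): flag wide-reaching grants.
        if (perm or "").upper() == "ALL" or "**" in res or res in ("database", "server.admin"):
            findings.append((no, "review", f"broad grant to {m['role']}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
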
