key-privileges.md
A privilege, one of the following:
-
USAGE: Allows a user to perform the following actions:
-
View the contents of the key.
-
Create or sign certificates using the key.
USAGE on the key also gives implicit USAGE privileges on a certificate that uses it as its private key. Users can also get these privileges from ownership of the key or certificate. USAGE privileges on a certificate allow a user to perform the following actions:
-
View the contents of the certificate.
-
Add (with CREATE or ALTER) the certificate to a TLS Configuration.
-
Reuse the CA certificate when importing certificates signed by it. For example, if a user imports a chain of certificates
A > B > C
and have USAGE onB
, the database reusesB
(as opposed to creating a duplicate ofB
). -
Specify that the CA certificate signed an imported certificate. For example, if certificate
B
signed certificateC
, USAGE onB
allows a user to importC
and specify that it was SIGNED BYB
.
-
-
ALTER: Allows a user to see the key and its associated certificates in their respective system tables, but not their contents.