GRANT (TLS configuration)

Grants privileges on a TLS CONFIGURATION to a user or role.

To revoke granted privileges, see GRANT (TLS configuration).

Syntax

GRANT { privilege[,...] } ON TLS CONFIGURATION
    tls_configuration[,...]
    TO grantee[,...]
    [ WITH GRANT OPTION ]

Parameters

privilege

The privilege to grant. Currently, the only supported privilege is ALTER, which allows the grantee to add or remove certificates, change the TLSMODE, etc.

tls_configuration

The target TLS CONFIGURATION.

grantee

Specifies who is granted privileges, one of the following:

user-name
role
PUBLIC: Default role of all users

WITH GRANT OPTION

Gives grantee the privilege to grant the same privileges to other users or roles, and also revoke them. For details, see Granting privileges.

Privileges

Non-superuser:

Owner
Privileges grantee given the option (WITH GRANT OPTION) of granting privileges to other users or roles.

Examples

You can grant ALTER on a TLS CONFIGURATION to a user or role to delegate management of that TLS context, which includes adding and removing certificates, setting the TLSMODE, etc. For example, the following statement grants ALTER privileges on the TLS CONFIGURATION server to the role client_server_tls_manager:

=> GRANT ALTER ON TLS CONFIGURATION server TO client_server_tls_manager;