GRANT (table)

Grants table privileges to users and roles. Users must also be granted USAGE on the table schema.

Syntax

GRANT { privilege[,...] | ALL [ PRIVILEGES ] [ EXTEND ] }
   ON {
     [ TABLE ] [[database.]schema.]table[,...]
     | ALL TABLES IN SCHEMA [database.]schema[,...] }
   TO grantee[,...]
   [ WITH GRANT OPTION ]

Parameters

privilege

The following privileges are valid for tables:

Important

Only SELECT privileges are valid for system tables.

• SELECT: Query tables. SELECT privileges are granted by default to the PUBLIC role.

• INSERT: Insert table rows with INSERT, and load data with COPY.

  Note

  COPY FROM STDIN is allowed for users with INSERT privileges, while COPY FROM file requires admin privileges.

• UPDATE: Update table rows.

• DELETE: Delete table rows.

• REFERENCES: Create foreign key constraints on this table. This privilege must be set on both referencing and referenced tables.

• TRUNCATE: Truncate table contents. Non-owners of tables can also execute the following partition operations on them:

  • DROP_PARTITIONS
  • SWAP_PARTITIONS_BETWEEN_TABLES
  • MOVE_PARTITIONS_TO_TABLE

• ALTER: Modify a table's DDL with ALTER TABLE.

• DROP: Drop a table.

ALL [PRIVILEGES][EXTEND]

Invalid for system tables, grants all table privileges that also belong to the grantor. Grantors cannot grant privileges that they themselves lack.

You can qualify ALL with two optional keywords:

• PRIVILEGES conforms with the SQL standard.

• EXTEND extends the semantics of ALL to include ALTER and DROP privileges. An unqualified ALL excludes these two privileges. This option enables backward compatibility with GRANT ALL usage in pre-9.2.1 Vertica releases.

[database.]schema

Specifies a schema, by default public. If schema is any schema other than public, you must supply the schema name. For example:

myschema.thisDbObject

One exception applies: you can specify system tables without their schema name.

If you specify a database, it must be the current database.

TABLE table

Specifies the table on which to grant privileges.

Note

The table can be a global temporary table, but not a local temporary table. See Creating temporary tables.

ON ALL TABLES IN SCHEMA schema ``

Grants the specified privileges on all tables and views in schema schema.

grantee

Specifies who is granted privileges, one of the following:

• [user‑name](/en/admin/db-users-and-privileges/db-users/)
• [role](/en/admin/db-users-and-privileges/db-roles/)

• PUBLIC: Default role of all users

WITH GRANT OPTION

Gives grantee the privilege to grant the same privileges to other users or roles, and also revoke them. For details, see Granting privileges.

Privileges

Non-superusers require USAGE on the schema and one of the following:

• Owner

• Privileges grantee given the option (WITH GRANT OPTION) of granting privileges to other users or roles.

Examples

Grant user Joe all privileges on table customer_dimension:

=> CREATE USER Joe;
CREATE USER
=> GRANT ALL PRIVILEGES ON TABLE customer_dimension TO Joe;
GRANT PRIVILEGE

Grant user Joe SELECT privileges on all system tables:

=> GRANT SELECT on all tables in schema V_MONITOR, V_CATALOG TO Joe;
GRANT PRIVILEGE

See also

• REVOKE (table)
• Granting and revoking privileges