GRANT (TLS configuration)
Grants privileges on a TLS Configuration to a user or role.
To revoke granted privileges, see REVOKE (TLS configuration).
Superusers have limited access to cryptographic objects that they do not own. For details, see Database object privileges.
Syntax
GRANT { privilege[,...] } ON TLS CONFIGURATION
tls_configuration[,...]
TO grantee[,...]
[ WITH GRANT OPTION ]
Parameters
privilege
A privilege, one of the following:
-
USAGE: Allows the user to set the TLS Configuration for a type of connection and view its contents in the system table TLS_CONFIGURATIONS. For details, see Security parameters.
-
tls_configuration
- The target TLS Configuration.
grantee
Specifies who is granted privileges, one of the following:
WITH GRANT OPTION
Gives
grantee
the privilege to grant the same privileges to other users or roles, and also revoke them. For details, see Granting privileges.
Privileges
Non-superuser:
-
Owner
-
Privileges grantee given the option (
WITH GRANT OPTION
) of granting privileges to other users or roles.
Examples
You can grant ALTER on a TLS Configuration to a user or role to delegate management of that TLS context, which includes adding and removing certificates, setting the TLSMODE, etc. For example, the following statement grants ALTER privileges on the TLS CONFIGURATION server
to the role client_server_tls_manager
:
=> GRANT ALTER ON TLS CONFIGURATION server TO client_server_tls_manager;