In CockroachDB, privileges are granted to users at the database and table levels. They are not yet supported for other granularities such as columns or rows.

When a user connects to a database, either via the built-in SQL client or a client driver, CockroachDB checks the user’s privileges for each statement executed. If the user does not have sufficient privileges for a statement, CockroachDB gives an error.

For the privileges required by specific statements, see the documentation for the respective SQL statement.

Supported Privileges

For a full list of supported privileges, see the GRANT documentation.

Granting Privileges

To grant privileges to a user, use the GRANT statement, for example:

> GRANT SELECT, INSERT ON bank.accounts TO maxroach;

Showing Privileges

To show privileges granted to users, use the SHOW GRANTS statement, for example:

> SHOW GRANTS ON DATABASE bank FOR maxroach;

Revoking Privileges

To revoke privileges from users, use the REVOKE statement, for example:

> REVOKE INSERT ON bank.accounts FROM maxroach;

See Also



Yes No