Note:
Cockroach Labs supports the current stable release and two releases prior. Therefore, this version will no longer be supported after the Fall 2019 release.

In CockroachDB, privileges are granted to roles and users at the database and table levels. They are not yet supported for other granularities such as columns or rows.

When a user connects to a database, either via the built-in SQL client or a client driver, CockroachDB checks the user and role's privileges for each statement executed. If the user does not have sufficient privileges for a statement, CockroachDB gives an error.

For the privileges required by specific statements, see the documentation for the respective SQL statement.

Supported Privileges

For a full list of supported privileges, see the GRANT documentation.

Granting Privileges

To grant privileges to a role or user, use the GRANT statement, for example:

> GRANT SELECT, INSERT ON bank.accounts TO maxroach;

Showing Privileges

To show privileges granted to roles or users, use the SHOW GRANTS statement, for example:

> SHOW GRANTS ON DATABASE bank FOR maxroach;

Revoking Privileges

To revoke privileges from roles or users, use the REVOKE statement, for example:

> REVOKE INSERT ON bank.accounts FROM maxroach;

See Also



Yes No