box.schema.user.grant()
-
box.schema.user.
grant
(user-name, privileges, object-type, object-name[, {options}]) -
box.schema.user.
grant
(user-name, privileges, 'universe'[, nil, {options}]) -
box.schema.user.
grant
(user-name, role-name[, nil, nil, {options}]) Grant privileges to a user or to another role.
Parameters: - user-name (string) – the name of the user.
- privileges (string) – ‘read’ or ‘write’ or ‘execute’ or ‘create’ or ‘alter’ or ‘drop’ or a combination.
- object-type (string) – ‘space’ or ‘function’ or ‘sequence’ or ‘role’.
- object-name (string) – name of object to grant permissions for.
- role-name (string) – name of role to grant to user.
- options (table) –
grantor
,if_not_exists
.
If
'function','object-name'
is specified, then a _func tuple with that object-name must exist.Variation: instead of
object-type, object-name
say ‘universe’ which means ‘all object-types and all objects’. In this case, object name is omitted.Variation: instead of
privilege, object-type, object-name
sayrole-name
(see section Roles).Variation: instead of
box.schema.user.grant('user-name','usage,session','universe',nil,
{if_not_exists=true})
saybox.schema.user.enable('user-name')
.The possible options are:
grantor
= grantor_name_or_id – string or number, for custom grantor,if_not_exists
=true|false
(default =false
) - boolean;true
means there should be no error if the user already has the privilege.
Example:
box.schema.user.grant('Lena', 'read', 'space', 'tester') box.schema.user.grant('Lena', 'execute', 'function', 'f') box.schema.user.grant('Lena', 'read,write', 'universe') box.schema.user.grant('Lena', 'Accountant') box.schema.user.grant('Lena', 'read,write,execute', 'universe') box.schema.user.grant('X', 'read', 'universe', nil, {if_not_exists=true}))