box.schema.role.grant()
-
box.schema.role.
grant
(role-name, privilege, object-type, object-name[, option])¶ -
box.schema.role.
grant
(role-name, privilege, 'universe'[, nil, option]) -
box.schema.role.
grant
(role-name, role-name[, nil, nil, option]) Grant privileges to a role.
Parameters: - role-name (
string
) – the name of the role. - privilege (
string
) – ‘read’ or ‘write’ or ‘execute’ or ‘create’ or ‘alter’ or ‘drop’ or a combination. - object-type (
string
) – ‘space’ or ‘function’ or ‘sequence’ or ‘role’. - object-name (
string
) – the name of a function or space or sequence or role. - option (
table
) –if_not_exists
=true|false
(default =false
) - boolean;true
means there should be no error if the role already has the privilege.
The role must exist, and the object must exist.
Variation: instead of
object-type, object-name
say ‘universe’ which means ‘all object-types and all objects’. In this case, object name is omitted.Variation: instead of
privilege, object-type, object-name
sayrole-name
– to grant a role to a role.Example:
box.schema.role.grant('Accountant', 'read', 'space', 'tester') box.schema.role.grant('Accountant', 'execute', 'function', 'f') box.schema.role.grant('Accountant', 'read,write', 'universe') box.schema.role.grant('public', 'Accountant') box.schema.role.grant('role1', 'role2', nil, nil, {if_not_exists=false})
- role-name (