box.schema.user.grant() | Tarantool

box.schema.user.grant()

box.schema.user.grant(user-name, privileges, object-type, object-name[, {options}])
box.schema.user.grant(user-name, privileges, 'universe'[, nil, {options}])
box.schema.user.grant(user-name, role-name[, nil, nil, {options}])

Grant privileges to a user or to another role.

Parameters:
  • user-name (string) – the name of a user to grant privileges to
  • privileges (string) – one or more privileges to grant to the user (for example, read or read,write)
  • object-type (string) – a database object type to grant privileges to (for example, space, role, or function)
  • object-name (string) – the name of a database object to grant privileges to
  • role-name (string) – the name of a role to grant to the user
  • options (table) – grantor, if_not_exists

If 'function','object-name' is specified, then a _func tuple with that object-name must exist.

Variation: instead of object-type, object-name say 'universe', which means 'all object-types and all objects'. In this case, object-name is omitted.

Variation: instead of privileges, object-type, object-name say role-name (see section Roles).

Variation: instead of box.schema.user.grant('user-name','usage,session','universe',nil, {if_not_exists=true}) say box.schema.user.enable('user-name').

The possible options are:

  • grantor = grantor_name_or_id – string or number, for custom grantor,
  • if_not_exists = true|false (default = false) – boolean; true means there should be no error if the user already has the privilege.

Example:

box.schema.user.grant('Lena', 'read', 'space', 'tester')
box.schema.user.grant('Lena', 'execute', 'function', 'f')
box.schema.user.grant('Lena', 'read,write', 'universe')
box.schema.user.grant('Lena', 'Accountant')
box.schema.user.grant('Lena', 'read,write,execute', 'universe')
box.schema.user.grant('X', 'read', 'universe', nil, {if_not_exists=true})
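
The following is an added example, not part of the Tarantool documentation: a bootstrap script that gives a service account scoped privileges through a role rather than through 'universe', registers the function before granting execute on it, and uses if_not_exists so the script can be re-run. The names app_reader, reporting, orders and orders_count and the password value are hypothetical, and the script assumes it runs as admin on a local instance.

```lua
-- Added example; all object names below are hypothetical.
box.cfg{}  -- assumption: local instance, script executed as 'admin'

-- Objects must exist before privileges on them can be granted.
box.schema.space.create('orders', {if_not_exists = true})
box.space.orders:create_index('primary', {if_not_exists = true})

-- A grant on 'function' needs a matching _func tuple, so register
-- the function with box.schema.func.create() before granting execute.
function orders_count() return box.space.orders:count() end
box.schema.func.create('orders_count', {if_not_exists = true})

-- Collect the scoped privileges in a role.
box.schema.role.create('reporting', {if_not_exists = true})
box.schema.role.grant('reporting', 'read', 'space', 'orders',
                      {if_not_exists = true})
box.schema.role.grant('reporting', 'execute', 'function', 'orders_count',
                      {if_not_exists = true})

-- Create the account (placeholder password) and grant it the role.
-- This is the role-name variation: object-type and object-name are nil.
box.schema.user.create('app_reader',
                       {password = 'PLACEHOLDER-change-me', if_not_exists = true})
box.schema.user.grant('app_reader', 'reporting', nil, nil,
                      {if_not_exists = true})

-- Without if_not_exists, repeating a grant raises an error; pcall captures it.
local ok, err = pcall(box.schema.user.grant, 'app_reader', 'reporting')
print('repeat grant without if_not_exists ->', ok, err)

-- With if_not_exists = true the repeat is a no-op.
box.schema.user.grant('app_reader', 'reporting', nil, nil,
                      {if_not_exists = true})

-- Review what the account holds: each entry is
-- {privileges, object-type, object-name}.
for _, p in ipairs(box.schema.user.info('app_reader')) do
    print(p[1], p[2], p[3])
end
```

The listing printed by box.schema.user.info() is a quick way to confirm that no 'universe' entry with read, write or execute was granted to the account by mistake.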