MatrixOne Intelligence Permission Management
This article mainly introduces permission management in MatrixOne Intelligence, including administrator permissions, user permissions, role permissions, database permissions, table permissions, and publish subscription permissions.
Administrator permissions
An administrator account is created whenever a MatrixOne Intelligence instance is created. Objects with administrator permissions can have the following permissions:
| Permissions | Meaning |
|---|---|
| CREATE USER | Create User |
| DROP USER | Delete User |
| ALTER USER | Modify User |
| CREATE ROLE | Create Role |
| DROP ROLE | Delete Role |
| CREATE DATABASE | Create a database |
| DROP DATABASE | Delete the database |
| SHOW DATABASES | View all databases under the current tenant |
| CONNECT | Allows `use [database \| role]` and executing SELECT statements that do not involve specific objects |
| MANAGE GRANTS | Permission management, including role authorization and role inheritance permissions |
| ALL [PRIVILEGES] | All permissions for the account |
| OWNERSHIP | All permissions for the account; can be set through WITH GRANT OPTION |
User permissions
Administrators can create users, and objects with user permissions can have the following permissions:
| Permissions | Meaning |
|---|---|
| Ownership | Manage all user permissions, including modifying user information, passwords, deleting users, and passing these permissions to other roles. |
Role permissions
Objects with role permissions can have the following permissions:
| Permissions | Meaning |
|---|---|
| Ownership | Manage all permissions of a role, including modifying the role name and description, deleting the role, and passing these permissions to other roles. |
Database permissions
Objects with database permissions can have the following permissions:
| Permissions | Meaning |
|---|---|
| SHOW TABLES | View all tables in the current database |
| CREATE TABLE | Table creation permissions |
| DROP TABLE | Table deletion permissions |
| CREATE VIEW | View creation permissions; a created view cannot be queried without the corresponding permissions |
| DROP VIEW | Delete a view |
| ALTER TABLE | Table modification permissions |
| ALTER VIEW | View modification permissions; the view cannot be modified without the corresponding permissions |
| ALL [PRIVILEGES] | All permissions for the database |
| OWNERSHIP | All permissions for the database, with WITH GRANT OPTION attached |
Table permissions
Objects with table permissions can have the following permissions:
| Permissions | Meaning |
|---|---|
| SELECT | Execute the SELECT command on the table |
| INSERT | Execute the INSERT command on the table |
| UPDATE | Execute the UPDATE command on the table |
| TRUNCATE | Execute the TRUNCATE TABLE command on the table |
| DELETE | Execute the DELETE command on the table |
| REFERENCE | Allows referencing the table as the unique/primary key table of a foreign key constraint, and viewing the structure of the table with the DESCRIBE or SHOW command |
| INDEX | Create or delete an INDEX |
| ALL | All permissions for the table |
| OWNERSHIP | All permissions for the table, with WITH GRANT OPTION attached |
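The account, database and table permissions above combine into a least-privilege role as follows. This is an added example, not part of the original documentation; it assumes the GRANT, CREATE ROLE, CREATE USER and SHOW GRANTS syntax of MatrixOne's SQL reference, and the names `reporting_ro`, `report_user`, `sales_db` and `orders` are constructed for illustration.

```sql
-- Run as the administrator account (it holds CREATE ROLE, CREATE USER
-- and MANAGE GRANTS). All object names are constructed examples.

-- 1. A role that carries only what a read-only reporting job needs.
create role if not exists reporting_ro;

-- Account level: CONNECT lets the role run `use sales_db`.
grant connect on account * to reporting_ro;

-- Database level: list tables in one database, nothing else.
grant show tables on database sales_db to reporting_ro;

-- Table level: read a single table; no INSERT, UPDATE, DELETE or TRUNCATE.
grant select on table sales_db.orders to reporting_ro;

-- 2. Bind the role to a dedicated user as its default role.
--    Replace the placeholder with a generated secret.
create user if not exists report_user
    identified by '<placeholder-password>'
    default role reporting_ro;

-- 3. Review what the role actually holds before handing out credentials.
show grants for role reporting_ro;

-- Over-broad grants to avoid for this use case:
--   grant all on table sales_db.* to reporting_ro;
--       gives write and TRUNCATE access to every table in the database.
--   grant ownership on database sales_db to reporting_ro;
--       carries WITH GRANT OPTION, so the role could pass its
--       permissions on to other roles.
```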
Table execution permissions
Objects that have table execution permissions can have the following permissions:
| Permissions | Meaning |
|---|---|
| EXECUTE | Permissions to enable execution of functions or stored procedures |
Publish subscription permissions
In MatrixOne Intelligence, publish subscription is a form of data sharing access initiated from the database of a specified user. MatrixOne Intelligence allows data publishing and subscription between multiple instances under one account and between instances across accounts.
Note: Currently, only the moadmin and accountadmin roles are supported for publish and subscribe operations in MatrixOne Intelligence.
- Publishing end
The publishing end is the party that publishes shared and synchronized data.
| Permissions | Meaning |
|---|---|
| CREATE PUBLICATION | Create a publication |
| ALTER PUBLICATION | Modify a publication |
| DROP PUBLICATION | Delete a publication |
| SHOW PUBLICATION | View publications |
| SHOW CREATE PUBLICATION | View the statement that created a publication |
- Subscribing end
The subscribing end is the party that obtains the shared and synchronized data.
| Permissions | Meaning |
|---|---|
| CREATE DATABASE db_name FROM account_name PUBLICATION | Create a subscription |
| SHOW SUBSCRIPTIONS | View subscriptions |