sql-statement-grant-privileges.md

title	summary	aliases
GRANT <privileges> | TiDB SQL Statement Reference	An overview of the usage of GRANT <privileges> for the TiDB database.	/docs/dev/sql-statements/sql-statement-grant-privileges/ /docs/dev/reference/sql/statements/grant-privileges/

GRANT <privileges>

This statement allocates privileges to a pre-existing user in TiDB. The privilege system in TiDB follows MySQL, where credentials are assigned based on a database/table pattern. Executing this statement requires the GRANT OPTION privilege and all privileges you allocate.

Synopsis

GrantStmt:

PrivElemList:

PrivElem:

PrivType:

ObjectType:

PrivLevel:

UserSpecList:

Examples

mysql> CREATE USER 'newuser' IDENTIFIED BY 'mypassword';
Query OK, 1 row affected (0.02 sec)

mysql> GRANT ALL ON test.* TO 'newuser';
Query OK, 0 rows affected (0.03 sec)

mysql> SHOW GRANTS FOR 'newuser';
+-------------------------------------------------+
| Grants for newuser@%                            |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO 'newuser'@'%'             |
| GRANT ALL PRIVILEGES ON test.* TO 'newuser'@'%' |
+-------------------------------------------------+
2 rows in set (0.00 sec)

MySQL compatibility

• Similar to MySQL, the USAGE privilege denotes the ability to log into a TiDB server.
• Column level privileges are not currently supported.
• Similar to MySQL, when the NO_AUTO_CREATE_USER sql mode is not present, the GRANT statement will automatically create a new user with an empty password when a user does not exist. Removing this sql-mode (it is enabled by default) presents a security risk.

See also

• GRANT <role>
• REVOKE <privileges>
• SHOW GRANTS
• Privilege Management