Skip to content

Latest commit



95 lines (74 loc) · 2.73 KB

File metadata and controls

95 lines (74 loc) · 2.73 KB
title summary aliases
GRANT <privileges> | TiDB SQL Statement Reference
An overview of the usage of GRANT <privileges> for the TiDB database.

GRANT <privileges>

This statement allocates privileges to a pre-existing user in TiDB. The privilege system in TiDB follows MySQL, where credentials are assigned based on a database/table pattern. Executing this statement requires the GRANT OPTION privilege and all privileges you allocate.


GrantStmt ::=
    'GRANT' PrivElemList 'ON' ObjectType PrivLevel 'TO' UserSpecList RequireClauseOpt WithGrantOptionOpt

PrivElemList ::=
    PrivElem ( ',' PrivElem )*

PrivElem ::=
    PrivType ( '(' ColumnNameList ')' )?

PrivType ::=
|   'DELETE'
|   'DROP' 'ROLE'?
|    'PROCESS'
|   'INDEX'
|   'INSERT'
|   'SELECT'
|   'SUPER'
|   'SHOW' ( 'DATABASES' | 'VIEW' )
|   'UPDATE'
|    'USAGE'
|   'RELOAD'
|   'FILE'
|   'CONFIG'
|   'EVENT'

ObjectType ::=

PrivLevel ::=
    '*' ( '.' '*' )?
|    Identifier ( '.' ( '*' | Identifier ) )?

UserSpecList ::=
    UserSpec ( ',' UserSpec )*


mysql> CREATE USER 'newuser' IDENTIFIED BY 'mypassword';
Query OK, 1 row affected (0.02 sec)

mysql> GRANT ALL ON test.* TO 'newuser';
Query OK, 0 rows affected (0.03 sec)

mysql> SHOW GRANTS FOR 'newuser';
| Grants for newuser@%                            |
| GRANT USAGE ON *.* TO 'newuser'@'%'             |
| GRANT ALL PRIVILEGES ON test.* TO 'newuser'@'%' |
2 rows in set (0.00 sec)

MySQL compatibility

  • Similar to MySQL, the USAGE privilege denotes the ability to log into a TiDB server.
  • Column level privileges are not currently supported.
  • Similar to MySQL, when the NO_AUTO_CREATE_USER sql mode is not present, the GRANT statement will automatically create a new user with an empty password when a user does not exist. Removing this sql-mode (it is enabled by default) presents a security risk.

See also