SHOW GRANTS

Queries the permissions held by the current user, a specified role, or a specified user, helping to understand permission settings and ensure data access security.

Workspace Role Permission Query Syntax

-- View the current user's permissions
SHOW GRANTS;

-- Query permissions for a specified role
SHOW GRANTS TO ROLE role_name;

-- Query permissions for a specified user
SHOW GRANTS TO USER user_name;

Parameter Description

ParameterRequiredDescription
role_nameYes (when querying a role)The name of the role to query permissions for; the role must exist in the current workspace
user_nameYes (when querying a user)The name of the user to query permissions for; the user must exist in the current workspace

Return Column Description

Column NameDescription
granted_typeGrant type: ROLE (role grant) or PRIVILEGE (object privilege grant)
privilegePermission name, such as SELECT TABLE, workspace_dev, etc.
conditionsAdditional conditions (usually empty)
granted_onType of object the permission is granted on, such as ROLE, TABLE, SCHEMA, etc.
object_nameFull name of the granted object (including workspace prefix)
granted_toType of the grantee, such as ROLE or USER
grantee_nameFull name of the grantee (including workspace prefix)
grantor_nameName of the user who performed the grant operation
grant_optionWhether the permission can be re-granted: true means the permission can be granted to other users
granted_timeTime when the permission was granted

Usage Examples

  1. View the current user's permissions:

    SHOW GRANTS;

  2. Query permissions for role test_developer_role:

    SHOW GRANTS TO ROLE test_developer_role;

    Example output:

    granted_typeprivilegegranted_onobject_namegranted_tograntee_namegrantor_namegrant_optiongranted_time
    PRIVILEGECREATE TABLESCHEMAquick_start.semantic_model_testROLEquick_start.test_developer_rolequick_start.qiliangfalse2025-03-27 20:43:39.419

  3. Query permissions for user tester:

    SHOW GRANTS TO USER tester;

    Example output:

    granted_typeprivilegegranted_onobject_namegranted_tograntee_namegrantor_namegrant_optiongranted_time
    ROLEworkspace_devROLEquick_start.workspace_devUSERquick_start.testerquick_start.qiliangfalse2025-03-27 20:43:39.419

Notes

  • Executing this command requires the workspace_admin or security_admin role, or the query must be for the currently logged-in user's own permissions.
  • Results include directly granted permissions, as well as permissions obtained indirectly through roles (rows where granted_type is ROLE indicate permissions obtained through a role).
  • Usernames and role names are case-sensitive. Ensure correct input.

Instance Role Permission Query Syntax

-- Query permissions for a specified Instance Role
SHOW GRANTS TO INSTANCE ROLE role_name;

Parameter Description

ParameterRequiredDescription
role_nameYesThe name of the Instance Role to query permissions for

Instance Usage Example

-- View permissions for an Instance Role
SHOW GRANTS TO INSTANCE ROLE instance_datamap_user;
SHOW ROLES
User-defined External Functions
Singdata © 2024 Singdata, Inc. All Rights Reserved.