Permissions reference
In QuestDB Enterprise, permissions control which users can execute which actions. There are three levels of permissions:
- database - relates to global actions, e.g. BACKUP, but also to table-specific actions that apply to all tables, e.g. SELECT
- table - relates to table actions, e.g. SET TABLE PARAM, and also to column actions that apply to all of the table's columns, e.g. DROP COLUMN or SELECT
- column - relates to actions on a specific column of a table, e.g. DROP INDEX

QuestDB permissions:

permission | level | description
---|---|---
ADD COLUMN | Database \| Table | Allows adding a new column to an existing table via the REST API and Postgres Wire protocol.
ADD INDEX | Database \| Table \| Column | Allows adding an index on a symbol column.
ADD PASSWORD | Database | Allows setting a user password in CREATE USER and ALTER USER commands.
ADD USER | Database | Allows adding a user to group(s).
ALTER COLUMN CACHE | Database \| Table \| Column | Allows disabling or enabling caching of symbol column values via ALTER TABLE command.
ATTACH PARTITION | Database \| Table | Allows attaching a partition to an existing table.
BACKUP DATABASE | Database | Allows creating a database backup via BACKUP DATABASE command.
BACKUP TABLE | Database \| Table | Allows creating a table backup via BACKUP TABLE command.
CANCEL ANY COPY | Database | Allows cancelling a running COPY command via COPY importId CANCEL command.
CREATE GROUP | Database | Allows creating groups.
CREATE JWK | Database | Allows creating JWK tokens via ALTER USER command.
CREATE REST TOKEN | Database | Allows creating REST API tokens via ALTER USER command.
CREATE SERVICE ACCOUNT | Database | Allows creating service accounts.
CREATE TABLE | Database | Allows creating tables.
CREATE USER | Database | Allows creating users.
DEDUP ENABLE | Database \| Table | Allows enabling deduplication and setting of upsert keys.
DEDUP DISABLE | Database \| Table | Allows disabling deduplication.
DETACH PARTITION | Database \| Table | Allows detaching partitions from tables.
DISABLE USER | Database | Allows disabling users.
DROP COLUMN | Database \| Table \| Column | Allows dropping table columns.
DROP GROUP | Database | Allows dropping groups.
DROP INDEX | Database \| Table \| Column | Allows dropping symbol column indexes via ALTER TABLE command.
DROP JWK | Database | Allows dropping JWK tokens via ALTER USER command.
DROP REST TOKEN | Database | Allows dropping REST API tokens via ALTER USER command.
DROP PARTITION | Database \| Table | Allows dropping or squashing existing table partitions.
DROP SERVICE ACCOUNT | Database | Allows dropping service accounts.
DROP TABLE | Database \| Table | Allows dropping tables.
DROP USER | Database | Allows dropping users.
ENABLE USER | Database | Allows enabling users.
HTTP | Database | Allows access to the REST API endpoint; this includes connections from the Web Console.
ILP | Database | Allows access to the InfluxDB Line Protocol (ILP) endpoint.
INSERT | Database \| Table | Allows inserting data into table columns.
LIST USERS | Database | Allows listing user details in SHOW GROUPS, SHOW SERVICE ACCOUNTS and SHOW USERS.
PGWIRE | Database | Allows access to the Postgres Wire endpoint.
REINDEX | Database \| Table \| Column | Allows reindexing a table's columns.
REMOVE PASSWORD | Database | Allows setting no password via WITH NO PASSWORD clause in CREATE USER and ALTER USER commands.
REMOVE USER | Database | Allows removing a user from group(s).
RENAME COLUMN | Database \| Table \| Column | Allows renaming columns.
RENAME TABLE | Database \| Table | Allows renaming tables.
RESUME WAL | Database \| Table | Allows resuming WAL processing via ALTER TABLE RESUME WAL command.
SELECT | Database \| Table \| Column | Allows selecting/reading table or column data.
SET TABLE PARAM | Database \| Table | Allows setting table parameters via ALTER TABLE SET PARAM command.
SET TABLE TYPE | Database \| Table | Allows changing table type via ALTER TABLE SET TYPE command.
SNAPSHOT | Database | Allows preparing a database snapshot.
TRUNCATE TABLE | Database \| Table | Allows truncating tables.
UPDATE | Database \| Table \| Column | Allows updating table columns.
USER DETAILS | Database | Applies to SHOW USER, SHOW SERVICE ACCOUNTS, SHOW PERMISSIONS, SHOW GROUPS commands.
VACUUM TABLE | Database \| Table | Allows reclaiming storage via VACUUM TABLE command.
ALL | Database \| Table \| Column | All permissions on all levels; it does not include permissions to assume service accounts.

Examples

The list of all permissions, with the levels they apply to, is returned by the all_permissions() function, e.g.

permission | level
---|---
SELECT | Database \| Table \| Column
INSERT | Database \| Table \| Column
UPDATE | Database \| Table \| Column
... | ...
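
The level column can be used to review a planned set of grants for least privilege. The following is an added example, not QuestDB code: it parses rows in the shape returned by all_permissions() (values copied from the reference table on this page) and flags grants that name an unknown permission, target a level the permission does not support, or apply database-wide where a narrower level exists. The grant-plan format, the grantee names and the function names are assumptions made for illustration.

```python
# Rows in the shape returned by all_permissions(); values copied from the
# reference table on this page.
ALL_PERMISSIONS = [
    ("SELECT", "Database | Table | Column"),
    ("DROP TABLE", "Database | Table"),
    ("BACKUP DATABASE", "Database"),
    ("PGWIRE", "Database"),
    ("ALL", "Database | Table | Column"),
]

# Constructed grant plan (hypothetical grantees): (grantee, permission, level).
GRANT_PLAN = [
    ("analyst", "PGWIRE", "database"),
    ("analyst", "SELECT", "database"),
    ("ingest", "DROP TABLE", "table"),
    ("ingest", "BACKUP DATABASE", "table"),
    ("ops", "ALL", "database"),
    ("ops", "SELCT", "table"),  # deliberate typo, not a real permission
]

LEVEL_ORDER = ("database", "table", "column")  # broadest to narrowest


def parse_levels(cell):
    """Split a level cell such as 'Database | Table | Column' into a set."""
    return {part.strip().lower() for part in cell.split("|") if part.strip()}


def audit_grants(all_permissions, grants):
    """Return (grantee, permission, finding) for grants that need review."""
    levels = {name.upper(): parse_levels(cell) for name, cell in all_permissions}
    findings = []
    for grantee, permission, level in grants:
        allowed = levels.get(permission.upper())
        level = level.lower()
        if allowed is None:
            finding = "unknown permission"
        elif level not in allowed:
            finding = f"not grantable at {level} level"
        elif permission.upper() == "ALL":
            finding = f"every permission at {level} level; prefer explicit grants"
        elif level == "database" and len(allowed) > 1:
            narrowest = max(allowed, key=LEVEL_ORDER.index)
            finding = f"applies to all tables; can be narrowed to {narrowest} level"
        else:
            continue
        findings.append((grantee, permission, finding))
    return findings


if __name__ == "__main__":
    for row in audit_grants(ALL_PERMISSIONS, GRANT_PLAN):
        print(*row, sep=" | ")
```
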