Permissions reference

In QuestDB Enterprise version, permissions are used to control which user can execute an action. There are three levels of permissions:

  • database - relate to global actions, e.g. BACKUP, but also table-specific action that apply to all tables, e.g. SELECT
  • table - relate to table actions, e.g. SET TABLE PARAM, and also column actions that apply to all table's columns, e.g. DROP COLUMN or SELECT
  • column - relate to actions on specific table's column, e.g. DROP INDEX

QuestDB permissions:#

ADD COLUMNDatabase | TableAllows adding new column to existing table in rest api and pg wire protocol.
ADD INDEXDatabase | Table | ColumnAllows adding an index on symbol column.
ADD PASSWORDDatabaseAllows setting user password in CREATE USER and ALTER USER commands.
ADD USERDatabaseAllows adding user to group(s).
ALTER COLUMN CACHEDatabase | Table | ColumnAllows disabling or enabling caching of symbol column values via ALTER TABLE command.
ATTACH PARTITIONDatabase | TableAllows attaching partition to existing table.
BACKUP DATABASEDatabaseAllows creating database backup via BACKUP DATABASE command.
BACKUP TABLEDatabase | TableAllows creating table BACKUP TABLE command.
CANCEL ANY COPYDatabaseAllows cancelling running COPY command via COPY importId CANCEL command.
CREATE GROUPDatabaseAllows creating groups.
CREATE JWKDatabaseAllows creating JWK tokens via ALTER USER command.
CREATE REST TOKENDatabaseAllows creating REST API tokens via ALTER USER command.
CREATE SERVICE ACCOUNTDatabaseAllows creating service accounts.
CREATE TABLEDatabaseAllows creating tables.
CREATE USERDatabaseAllows creating users.
DEDUP ENABLEDatabase | TableAllows enabling deduplication and setting of upsert keys.
DEDUP DISABLEDatabase | TableAllows disabling deduplication.
DETACH PARTITIONDatabase | TableAllows detaching partitions from tables.
DISABLE USERDatabaseAllows disabling users.
DROP COLUMNDatabase | Table | ColumnAllows dropping table columns.
DROP GROUPDatabaseAllows dropping groups.
DROP INDEXDatabase | Table | ColumnAllows dropping symbol columns indexes via ALTER TABLE command.
DROP JWKDatabaseAllows dropping JWK tokens via ALTER USER command.
DROP REST TOKENDatabaseAllows dropping REST API tokens via ALTER USER command.
DROP PARTITIONDatabase | TableAllows dropping or squashing existing table partitions.
DROP SERVICE ACCOUNTDatabaseAllows dropping service accounts.
DROP TABLEDatabase | TableAllows dropping tables.
DROP USERDatabaseAllows dropping users.
ENABLE USERDatabaseAllows enabling users.
HTTPDatabaseAllows access to the REST API endpoint, this includes connection from the Web Console.
ILPDatabaseAllows access to the InfluxDB Line Protocol (ILP) endpoint.
INSERTDatabase | TableAllows inserting data into table columns.
LIST USERSDatabaseAllows listing user details in SHOWS GROUPS, SHOW SERVICE ACCOUNTS and SHOW USERS.
PGWIREDatabaseAllows access to the Postgres Wire endpoint.
REINDEXDatabase | Table | ColumnAllows reindexing table's columns.
REMOVE PASSWORDDatabaseAllows setting no password via WITH NO PASSWORD clause in CREATE USER and ALTER USER commands.
REMOVE USERDatabaseAllows removing user from group(s).
RENAME COLUMNDatabase | Table | ColumnAllows renaming columns.
RENAME TABLEDatabase | TableAllows renaming tables.
RESUME WALDatabase | TableAllows resuming WAL processing via ALTER TABLE RESUME WAL command.
SELECTDatabase | Table | ColumnAllows selecting/reading table or column data.
SET TABLE PARAMDatabase | TableAllows setting table parameters via ALTER TABLE SET PARAM command.
SET TABLE TYPEDatabase | TableAllows changing table type via ALTER TABLE SET TYPE command.
SNAPSHOTDatabaseAllows preparing database snapshot.
TRUNCATE TABLEDatabase | TableAllows truncating tables.
UPDATEDatabase | Table | ColumnAllows updating table columns.
VACUUM TABLEDatabase | TableAllows reclaiming storage via VACUUM TABLE command.
ALLDatabase | Table | ColumnAll permissions on all levels, it does not include permissions to assume service accounts


List of all permissions, with levels they apply to, is returned by all_permissions() function, e.g.

select * from all_permissions();
SELECTDatabase | Table | Column
INSERTDatabase | Table | Column
UPDATEDatabase | Table | Column

โญ Something missing? Page not helpful? Please suggest an edit on GitHub.