getUserAccess
Syntax
getUserAccess([userIds], [finalAccess=false])
Arguments
userId (optional) is a STRING scalar/vector indicating one or multiple user names.
finalAccess (optional) is a Boolean value that specifies whether the obtained result is the privileges that ultimately take effect, i.e., the privileges for both the user and the groups the user belongs to are taken into account. The default value is false.
Details
This function returns privileges for specific users.
When userId is not specified, it returns the privileges for the current user.
When userId is specified (only by administrators):
-
If finalAccess = false, the obtained access is the explicit privileges applied to the user.
-
If finalAccess = true, the obtained access is the privileges that ultimately take effect.
Return value: A table with the following columns
Column | Description |
---|---|
userId | The user name |
groups | The group to which the user belongs |
isAdmin | Whether the user is an administrator |
MAX_JOB_PRIORITY | An integer between 0 and 8
indicating the highest priority of the jobs submitted by the
user. It is specified by the command
setMaxJobPriority . |
MAX_PARALLELISM | An integer indicating the
maximum number of tasks that can be executed in parallel for a
job submitted by the user. It is specified by the command
setMaxJobParallelism . |
QUERY_RESULT_MEM_LIMIT | The memory limit for a query
result. It is a floating-point number indicating memory usage
(in GB). You can use grant to set the limit and
revoke to remove. |
TASK_GROUP_MEM_LIMIT | The memory limit of a task
group. It is a floating-point number indicating memory usage in
GB. You can use grant to set the limit and
revoke to remove. |
- Since version 3.00.2, compute group privileges are returned.
- Since version 3.00.0, catalog privileges are returned.
- Version 1.30.21/2.00.9 onwards extends privileges at the table level. The original TABLE_WRITE field is now replaced with fields TABLE_INSERT, TABLE_UPDATE, and TABLE_DELETE.
- As the DB_READ, DB_WRITE, DB_INSERT, DB_UPDATE, and DB_DELETE privileges apply to tables in databases, only table-level privileges are returned.
objs |
---|
TABLE_READ_allowed |
TABLE_READ_denied |
TABLE_INSERT_allowed |
TABLE_INSERT_denied |
TABLE_UPDATE_allowed |
TABLE_UPDATE_denied |
TABLE_DELETE_allowed |
TABLE_DELETE_denied |
DB_READ_allowed |
DB_READ_denied |
DB_INSERT_allowed |
DB_INSERT_denied |
DB_UPDATE_allowed |
DB_UPDATE_denied |
DB_DELETE_allowed |
DB_DELETE_denied |
VIEW_EXEC_allowed |
VIEW_EXEC_denied |
DBOBJ_CREATE_allowed |
DBOBJ_CREATE_denied |
DBOBJ_DELETE_allowed |
DBOBJ_DELETE_denied |
DB_OWNER_allowed |
DB_MANAGE_allowed |
DB_MANAGE_denied |
CATALOG_READ_allowed |
CATALOG_READ_denied |
CATALOG_INSERT_allowed |
CATALOG_INSERT_denied |
CATALOG_UPDATE_allowed |
CATALOG_UPDATE_denied |
CATALOG_DELETE_allowed |
CATALOG_DELETE_denied |
COMPUTE_GROUP_EXEC_allowed |
COMPUTE_GROUP_EXEC_denied |