CREATE Privilege
This page is part of MariaDB's Documentation.
The parent of this page is: Privileges for MariaDB Xpand
Topics on this page:
Overview
Grants ability to execute CREATE DATABASE
and CREATE TABLE
.
DETAILS
Scope: Global, Database, Table
Privilege name for
GRANT
:CREATE
Privilege name for
REVOKE
:CREATE
Privilege shown by
SHOW GRANTS
:CREATE
MariaDB Xpand's CREATE
privilege allows certain SQL statements to be executed:
EXAMPLES
GRANT
The following examples demonstrate grant of a single privilege. A single GRANT
statement can grant multiple privileges at the same scope by providing a comma-separated list of the privileges.
To grant the CREATE
privilege at global scope, replace the user specification ('USERNAME'@'HOSTNAME'
) in the following query to align to your requirements:
GRANT CREATE
ON *.*
TO 'USERNAME'@'HOSTNAME';
To grant the CREATE
privilege at database scope, replace the user specification ('USERNAME'@'HOSTNAME'
) and database name (DATABASE_NAME
) in the following query to align to your requirements:
GRANT CREATE
ON DATABASE_NAME.*
TO 'USERNAME'@'HOSTNAME';
To grant the CREATE
privilege at table scope, replace the user specification ('USERNAME'@'HOSTNAME'
), database name (DATABASE_NAME
), and table name (TABLE_NAME
) in the following query to align to your requirements:
GRANT CREATE
ON DATABASE_NAME.TABLE_NAME
TO 'USERNAME'@'HOSTNAME';
REVOKE
The following examples demonstrate revoke of a single previously-granted privilege. A single REVOKE
statement can revoke multiple privileges at the same scope by providing a comma-separated list of the privileges.
To revoke the CREATE
privilege at global scope, replace the user specification ('USERNAME'@'HOSTNAME'
) in the following query to align to your requirements:
REVOKE CREATE
ON *.*
FROM 'USERNAME'@'HOSTNAME';
To revoke the CREATE
privilege at database scope, replace the user specification ('USERNAME'@'HOSTNAME'
) and database name (DATABASE_NAME
) in the following query to align to your requirements:
REVOKE CREATE
ON DATABASE_NAME.*
FROM 'USERNAME'@'HOSTNAME';
To revoke the CREATE
privilege at table scope, replace the user specification ('USERNAME'@'HOSTNAME'
), database name (DATABASE_NAME
), and table name (TABLE_NAME
) in the following query to align to your requirements:
REVOKE CREATE
ON DATABASE_NAME.TABLE_NAME
FROM 'USERNAME'@'HOSTNAME';
SHOW Output
A user's privileges can be displayed using the SHOW GRANTS
statement.
If the CREATE
privilege is present, it will be shown as CREATE
in the output. For example:
SHOW GRANTS FOR 'app_user'@'192.0.2.%';
+------------------------------------------------------+
| Grants for app_user@192.0.2.% |
+------------------------------------------------------+
| GRANT CREATE ON `app_db`.* TO 'app_user'@'192.0.2.%' |
+------------------------------------------------------+
Privilege Failure
An error message is raised if an operation fails due to insufficient privileges. For example:
CREATE TABLE hq_sales.invoices (
invoice_id BIGINT UNSIGNED AUTO_INCREMENT NOT NULL,
branch_id INT NOT NULL,
customer_id INT,
invoice_date DATETIME(6),
invoice_total DECIMAL(13, 2),
payment_method ENUM('NONE', 'CASH', 'WIRE_TRANSFER', 'CREDIT_CARD', 'GIFT_CARD'),
PRIMARY KEY(invoice_id)
) REPLICAS=3;
ERROR 1045 (HY000): [11281] Permission denied: User 'USERNAME'@'HOSTNAME' is missing CREATE on `hq_sales`.`invoices`; transaction aborted