CAN I

Syntax

CAN I [
    [ 
        CREATE_DATABASE
        | CREATE_STORE
        | CREATE_SCHEMA_REGISTRY
        | CREATE_DESCRIPTOR_SOURCE
        | CREATE_FUNCTION_SOURCE
        | CREATE_FUNCTION
        | CREATE_CONNECTOR
        | CREATE_QUERY
        | MANAGE_MEMBERS
        | MANAGE_GRANTS
    ]
    | [
        [ USE | CREATE IN | SELECT FROM | INSERT INTO | DROP ]
        [
            DATABASE
            | SCHEMA
            | STORE
            | DESCRIPTOR_SOURCE
            | QUERY
            | RELATION
            | FUNCTION_SOURCE
            | FUNCTION
            | ROLE
            | REGION
        ] target_name
    ]
];

Description

This command shows whether the current User can execute specific commands in the current Organization.

Arguments

target_name

Name of the object to use for testing authorization for the privilege target. This is only used for testing authorization of a privilege type, e.g. USE.

Examples

Check whether the user can create a Database

<no-db>/<no-store># CAN I CREATE_DATABASE;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether the user can create a Query

<no-db>/<no-store># CAN I CREATE_QUERY;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether the user with the current Role can create objects in another Role

<no-db>/<no-store># CAN I CREATE IN ROLE useradmin;
+------------+
|  Can I     |
+============+
| false      |
+------------+

Check whether user has USAGE privilege on a Database

<no-db>/<no-store># CAN I USE DATABASE db;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether user can user another Role

<no-db>/<no-store># CAN I USE ROLE useradmin;
+------------+
|  Can I     |
+============+
| false      |
+------------+

Check whether user can drop a Database

main_db.public/pub_demo_msk# CAN I DROP DATABASE user_db;
+------------+
|  Can I     |
+============+
| false      |
+------------+

Check whether user can select from an existing Relation

db.public/<no-store># CAN I SELECT FROM RELATION pageviews;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether user can insert records into an existing Relation

db.public/<no-store># CAN I INSERT INTO RELATION pageviews;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether user can manage grants

db.public/<no-store># CAN I MANAGE_GRANTS;
+------------+
|  Can I     |
+============+
| false      |
+------------+

Last updated