CAN I

Syntax

CAN I [
    [ 
        CREATE_DATABASE
        | CREATE_STORE
        | CREATE_SCHEMA_REGISTRY
        | CREATE_DESCRIPTOR_SOURCE
        | CREATE_FUNCTION_SOURCE
        | CREATE_FUNCTION
        | CREATE_CONNECTOR
        | CREATE_QUERY
        | MANAGE_MEMBERS
        | MANAGE_GRANTS
    ]
    | [
        [ USE | CREATE IN | SELECT FROM | INSERT INTO | DROP ]
        [
            DATABASE
            | SCHEMA
            | STORE
            | DESCRIPTOR_SOURCE
            | QUERY
            | RELATION
            | FUNCTION_SOURCE
            | FUNCTION
            | ROLE
            | REGION
        ] target_name
    ]
];

Description

Arguments

target_name

Name of the object to use for testing authorization for the privilege target. Use this only for testing authorization of a privilege type, — for example, USE.

Examples

Check whether the user can create a database

<no-db>/<no-store># CAN I CREATE_DATABASE;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether the user can create a query

<no-db>/<no-store># CAN I CREATE_QUERY;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether the user with the current role can create objects in another role

<no-db>/<no-store># CAN I CREATE IN ROLE useradmin;
+------------+
|  Can I     |
+============+
| false      |
+------------+

Check whether user has USAGE privilege on a database

<no-db>/<no-store># CAN I USE DATABASE db;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether user can user another role

<no-db>/<no-store># CAN I USE ROLE useradmin;
+------------+
|  Can I     |
+============+
| false      |
+------------+

Check whether user can drop a database

main_db.public/pub_demo_msk# CAN I DROP DATABASE user_db;
+------------+
|  Can I     |
+============+
| false      |
+------------+

Check whether user can select from an existing relation

db.public/<no-store># CAN I SELECT FROM RELATION pageviews;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether user can insert records into an existing relation

db.public/<no-store># CAN I INSERT INTO RELATION pageviews;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether user can manage grants

db.public/<no-store># CAN I MANAGE_GRANTS;
+------------+
|  Can I     |
+============+
| false      |
+------------+

PreviousACCEPT INVITATION NextCOPY DESCRIPTOR_SOURCE

Last updated 2 months ago

CAN I

Syntax

CAN I [
    [ 
        CREATE_DATABASE
        | CREATE_STORE
        | CREATE_SCHEMA_REGISTRY
        | CREATE_DESCRIPTOR_SOURCE
        | CREATE_FUNCTION_SOURCE
        | CREATE_FUNCTION
        | CREATE_CONNECTOR
        | CREATE_QUERY
        | MANAGE_MEMBERS
        | MANAGE_GRANTS
    ]
    | [
        [ USE | CREATE IN | SELECT FROM | INSERT INTO | DROP ]
        [
            DATABASE
            | SCHEMA
            | STORE
            | DESCRIPTOR_SOURCE
            | QUERY
            | RELATION
            | FUNCTION_SOURCE
            | FUNCTION
            | ROLE
            | REGION
        ] target_name
    ]
];

Description

This command shows whether the current can execute specific commands in the current .

Arguments

target_name

Name of the object to use for testing authorization for the privilege target. Use this only for testing authorization of a privilege type, — for example, USE.

Examples

Check whether the user can create a database

<no-db>/<no-store># CAN I CREATE_DATABASE;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether the user can create a query

<no-db>/<no-store># CAN I CREATE_QUERY;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether the user with the current role can create objects in another role

<no-db>/<no-store># CAN I CREATE IN ROLE useradmin;
+------------+
|  Can I     |
+============+
| false      |
+------------+

Check whether user has USAGE privilege on a database

<no-db>/<no-store># CAN I USE DATABASE db;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether user can user another role

<no-db>/<no-store># CAN I USE ROLE useradmin;
+------------+
|  Can I     |
+============+
| false      |
+------------+

Check whether user can drop a database

main_db.public/pub_demo_msk# CAN I DROP DATABASE user_db;
+------------+
|  Can I     |
+============+
| false      |
+------------+

Check whether user can select from an existing relation

db.public/<no-store># CAN I SELECT FROM RELATION pageviews;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether user can insert records into an existing relation

db.public/<no-store># CAN I INSERT INTO RELATION pageviews;
+------------+
|  Can I     |
+============+
| true       |
+------------+

Check whether user can manage grants

db.public/<no-store># CAN I MANAGE_GRANTS;
+------------+
|  Can I     |
+============+
| false      |
+------------+

PreviousACCEPT INVITATION NextCOPY DESCRIPTOR_SOURCE

Last updated 2 months ago