addAccessControl

Syntax

addAccessControl(table)

Details

Adds access control to the shared table or streaming engine created by the current user. Other users can access the target shared table or streaming engine only after the administrator grants them permissions.

Note:
  1. The function can only be executed by administrators or the shared table/streaming engine creator.

  2. If the administrator has already applied access control to the shared table or streaming engine for other users by using grant/deny/revoke, you do not need to call addAccessControl. Users that are not granted permissions by the administrator cannot access the shared table or streaming engine.

Parameters

table is a shared table or a streaming engine.

Examples

Create users for access management.

login(`admin, `123456)
createUser(`u1, "111111");
createUser(`u2, "222222");
createUser(`u3, "333333");

Example 1: Restrict other users from accessing a streaming engine.

  1. Create the agg1 streaming engine as user u1.
    login(`u1, "111111")
    share streamTable(1000:0, `time`sym`volume, [TIMESTAMP, SYMBOL, INT]) as trades
    output1 = table(10000:0, `time`sym`sumVolume, [TIMESTAMP, SYMBOL, INT])
    agg1 = createTimeSeriesEngine(name="agg1", windowSize=60000, step=60000, metrics=<[sum(volume)]>, dummyTable=trades, outputTable=output1, timeColumn=`time, useSystemTime=false, keyColumn=`sym, garbageSize=50, useWindowStartTime=false)
    subscribeTable(tableName="trades", actionName="agg1", offset=0, handler=append!{agg1}, msgAsTable=true);
  2. Add access control for agg1.
    addAccessControl(agg1)
  3. An error is reported when user u2 inserts data into agg1 or drops agg1.
    // Log on to the server as user u2
    login(`u2, "222222")
    
    // Insert data
    insert into trades values(2018.10.08T01:01:01.785,`A,10) // No error
    insert into agg1 values(2018.10.08T01:01:01.785,`A,10) // ERROR: No access to table [agg1]
    
    // Drop streaming engine
    dropStreamEngine("agg1") // No access to drop stream engine agg1
  4. Grant user u2 write permission on agg1.
    login(`admin, `123456)
    grant("u2", TABLE_WRITE, "agg1")
    If the server is deployed in cluster mode, the target object must be written as "nodeAlias:tableName". Assume that agg1 resides in the dnode1 node.
    grant("u2", TABLE_WRITE, "dnode1:agg1")
  5. Then, user u2 can insert data into agg1.
    // Log back on as user u2 (the previous step switched the session to admin)
    login(`u2, "222222")
    insert into agg1 values(2018.10.08T01:01:01.785,`A,10)

Example 2: Restrict other users from accessing a shared table.

login(`u1, "111111")
t = table(take(`a`b`c, 10) as sym, 1..10 as val)
share t as st;
addAccessControl(`st)

login(`u3, "333333")
select * from st // ERROR: No access to shared table [st]
insert into st values(`a, 4) // ERROR: No access to shared table [st]
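
The following is an added example, not part of the original documentation. It extends Example 2 to a least-privilege grant: u3 receives read permission only, a write is still expected to be rejected, and the grant is then revoked. Assumptions: the table names t2 and stDemo are hypothetical, the users created above exist, the TABLE_READ permission type (not shown on this page) is used with the same grant signature as TABLE_WRITE, and the server runs as a single node (in cluster mode, write the object as "nodeAlias:stDemo").

```dolphindb
// Added example: t2 and stDemo are hypothetical names; users come from the setup step above.

// 1. u1 creates a shared table and puts it under access control
login(`u1, "111111")
t2 = table(take(`a`b`c, 10) as sym, 1..10 as val)
share t2 as stDemo
addAccessControl(`stDemo)

// 2. The administrator grants u3 read permission only (no TABLE_WRITE)
login(`admin, `123456)
grant("u3", TABLE_READ, "stDemo")

// 3. u3 can query the table, but a write is expected to be rejected
login(`u3, "333333")
n = exec count(*) from stDemo
print(n)
try {
    insert into stDemo values(`a, 4)
    print("unexpected: write succeeded, review the permissions granted to u3")
} catch(ex) {
    print(ex)   // expected: access error, since only TABLE_READ was granted
}

// 4. The administrator withdraws the grant; u3 is expected to lose read access again
login(`admin, `123456)
revoke("u3", TABLE_READ, "stDemo")

login(`u3, "333333")
try {
    n = exec count(*) from stDemo
    print("unexpected: read succeeded after revoke")
} catch(ex) {
    print(ex)   // expected: access error, as in Example 2
}
```

Checking the denied operation explicitly, as in steps 3 and 4, confirms that the table is actually under access control rather than assuming the grant is the only path to it.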

Related functions: grant, deny, revoke