SQL Analytics Permissions Explained

By default, no one has any permissions.

No users can browse the list of databases. No users can list or read tables.

There are two major grants that you need to be aware of (at least to use data):

  1. USAGE. Permission to use an object, or basically just see it. This does not grant permission to use an object, or in other words to get data from it.
  2. SELECT. Permission to select data from an object i.e. read the object. This grants permission to read the data from an object.

Scenario 1. Grant Full Read Access to a Database

grant usage on database db_name to `object_name`;
grant select on database db_name to `object_name`;

object_name is either a name of a group, or email address of a user.

Scenario 2. Grant Read Access to a Table

grant usage on database db_name to `object_name`;
grant select on table db_name.table_name to `object_name`;

The first clause makes database object visible to object_name - note this does not make any tables in database visible, so the user will see an empty database.

The second clause makes a table visible and selectable.

Have a question⁉ Contact me.