docs/en/sql-reference/sql-statements/account-management/SHOW_GRANTS.md
SHOW GRANTS displays all the privileges that have been granted to a user or role.
For more information about roles and privileges, see Overview of privileges.
:::tip
All roles and users can view the privileges granted to them or the roles assigned to them. Only users with the user_admin role can view the privileges of a specified user or role.
:::
SHOW GRANTS; -- View the privileges of the current user.
SHOW GRANTS FOR ROLE <role_name>; -- View the privileges of a specific role.
SHOW GRANTS FOR <user_identity>; -- View the privileges of a specific user.
Return fields:
-- View the privileges of a specific user.
+--------------+--------+---------------------------------------------+
|UserIdentity |Catalog | Grants |
+--------------+--------+---------------------------------------------+
-- View the privileges of a specific role.
+-------------+--------+-------------------------------------------------------+
|RoleName |Catalog | Grants |
+-------------+-----------------+----------------------------------------------+
| Field | Description |
|---|---|
| UserIdentity | The user identity, which is displayed when you query the privileges of a user. |
| RoleName | The role name, which is displayed when you query the privileges of a role. |
| Catalog | The catalog name. |
default is returned if the GRANT operation is performed on the StarRocks internal catalog. | |
| The name of the external catalog is returned if the GRANT operation is performed on an external catalog. | |
NULL is returned if the operation shown in the Grants column is assigning roles. | |
| Grants | The specific GRANT operation. |
mysql> SHOW GRANTS;
+--------------+---------+----------------------------------------+
| UserIdentity | Catalog | Grants |
+--------------+---------+----------------------------------------+
| 'root'@'%' | NULL | GRANT 'root', 'testrole' TO 'root'@'%' |
+--------------+---------+----------------------------------------+
mysql> SHOW GRANTS FOR 'user_g'@'%';
+-------------+-------------+-----------------------------------------------------------------------------------------------+
|UserIdentity |Catalog |Grants |
+-------------+-------------------------------------------------------------------------------------------------------------+
|'user_g'@'%' |NULL |GRANT role_g, public to `user_g`@`%`; |
|'user_g'@'%' |NULL |GRANT IMPERSONATE ON USER `user_a`@`%` TO USER `user_g`@`%`; |
|'user_g'@'%' |default |GRANT CREATE_DATABASE ON CATALOG default_catalog TO USER `user_g`@`%`; |
|'user_g'@'%' |default |GRANT ALTER, DROP, CREATE_TABLE ON DATABASE db1 TO USER `user_g`@`%`; |
|'user_g'@'%' |default |GRANT CREATE_VIEW ON DATABASE db1 TO USER `user_g`@`%` WITH GRANT OPTION; |
|'user_g'@'%' |default |GRANT ALTER, DROP, SELECT, INGEST, EXPORT, DELETE, UPDATE ON TABLE db.* TO USER `user_g`@`%`; |
|'user_g'@'%' |default |GRANT ALTER, DROP, SELECT ON VIEW db2.view TO USER `user_g`@`%`; |
|'user_g'@'%' |Hive_catalog |GRANT USAGE ON CATALOG Hive_catalog TO USER `user_g`@`%` |
+-------------+--------------+-----------------------------------------------------------------------------------------------+
mysql> SHOW GRANTS FOR ROLE role_g;
+-------------+--------+-------------------------------------------------------+
|RoleName |Catalog | Grants |
+-------------+-----------------+----------------------------------------------+
|role_g |NULL | GRANT role_p, role_test TO ROLE role_g; |
|role_g |default | GRANT SELECT ON *.* TO ROLE role_g WITH GRANT OPTION; |
+-------------+--------+--------------------------------------------------------+