Namespace Management
Namespace Resolution
You can grant authorization permissions to a namespace to determine who can access both the namespace and the tables within it.
table_name
that appears in an SQL
statement, the following rules apply:
-
- If the
table_name
contains a namespace name, no resolution is needed, because a qualified table name uniquely identifies a table. - If you don't specify a namespace name explicitly, the
namespace used is the one contained in the
ExecuteOptions
instance that is given as input to theexecuteSync()
,execute()
, orprepare()
methods of TableAPI. - If
ExecuteOptions
doesn't specify a namespace, the default sysdefault namespace is used.
- If the
Using different namespaces in ExecuteOptions
allows executing the same
queries on separate but similar tables.
Manage Namespaces
SHOW NAMESPACES
The SHOW NAMESPACES statement provides the list of namespaces in the system. You can specify AS JSON if you want the output to be in JSON format.
SHOW NAMESPACES
namespaces
sysdefault
SHOW AS JSON NAMESPACES
{"namespaces" : ["sysdefault"]}
DROP NAMESPACE
You can remove a namespace by using the DROP NAMESPACE statement.
IF EXISTS is an optional clause. If you specify this clause, and if a namespace with the same name does not exist, no error is generated. If you don't specify this clause, and if a namespace with the same name does not exist, an error is generated indicating that the namespace does not exist.
CASCADE is an optional clause that enables you to specify whether to drop the tables and their indexes in this namespace. If you specify this clause, and if the namespace contains any tables, then the namespace together with all the tables in this namespace will be deleted. If you don't specify this clause, and if the namespace contains any tables, then an error is generated indicating that the namespace is not empty.
DROP NAMESPACE IF EXISTS ns1 CASCADE
Namespace scoped privileges
You can add one or more namespaces to your store, create tables within them, and grant permission for users to access namespaces and tables. For general information on managing Roles and Users, see Grant Roles or Privileges in the Security Guide.
For information on implication relationship among Oracle NoSQL Database privileges, see Privilege Hierarchy in the Security Guide.
Granting Authorization Access to Namespaces
Table 3-1 Namespace Privileges and Permissions
Privilege | Description |
---|---|
|
Grant permission to a user or to a role to create or drop any namespace.
|
|
Grant permission to a user or to a role to create, drop or evolve tables in a specific namespace. You can evolve tables to update table definitions, add or remove fields, or change field properties, such as a default value. You may even add a particular kind of column, like an IDENTITY column, to increment some value automatically. Only tables that already exist in the store are candidates for table evolution. For more details, see Alter Table.
|
|
Grant permission to a user or to a role to create or drop an index in a specific namespace.
|
|
Grant permission to a role to read, insert, or delete items in a specific namespace.
|
|
Helper label for granting or revoking permissions to all DDL privileges for a specific namespace to a user or role.
|
Grant privileges on a namespace
GRANT {Namespace-scoped privileges} ON NAMESPACE namespace_name TO <User|Role>
Namespace-scoped privileges ::= namespace_privilege [, namespace_privilege]
where,
-
namespace_privilege
The namespace privilege that can be granted to a user or a role. For more information on the applicable privileges, see the Privilege column in the Namespace Privileges and Permissions table.
-
namespace_name
The namespace that the user wishes to access.
-
<User|Role>
The name of the KVStore user or the role of a user.
Example:
GRANT READ_IN_NAMESPACE ON NAMESPACE ns1 TO Kate;
Note:
The label MODIFY_IN_NAMESPACE can be used as a helper for granting or revoking permissions to all DDL privileges for a specific namespace to a user or role.Revoke privileges on a namespace
REVOKE {Namespace-scoped privileges} ON NAMESPACE namespace_name FROM <User|Role>
Namespace-scoped privileges ::= namespace_privilege [, namespace_privilege]
where,
-
namespace_privilege
The namespace privilege that can be revoked from a user or a role. For more information on the applicable privileges, see the Privilege column in the Namespace Privileges and Permissions table.
-
namespace_name
The namespace that the user wishes to access.
-
<User|Role>
The name of the KVStore user or the role of a user.
Example:
REVOKE READ_IN_NAMESPACE ON NAMESPACE ns1 FROM Kate;
Note:
The label MODIFY_IN_NAMESPACE can be used as a helper for granting or revoking permissions to all DDL privileges for a specific namespace to a user or role.- Creation of a namespace and a table.
- Revocation of the privilege to create any other new tables in the namespace, but allow the table to be dropped.
Example: Namespace Scoped Privileges
CREATE NAMESPACE IF NOT EXISTS ns1;
GRANT MODIFY_IN_NAMESPACE ON NAMESPACE ns1 TO usersRole;
CREATE TABLE ns1:t (id INTEGER, name STRING, primary key (id));
INSERT INTO ns1:t VALUES (1, 'Smith');
SELECT * FROM ns1:t;
REVOKE CREATE_TABLE_IN_NAMESPACE ON NAMESPACE ns1 FROM usersRole;
DROP NAMESPACE ns1 CASCADE;
Note:
You can save all of the above commands as a sql script and execute it in a single command. If you want to execute any of the above commands outside of a SQL prompt, remove the semi colon at the end.