MariaDB Xpand Documentation

Space shortcuts

Page tree

Supported Privileges

Xpand supports the following privileges:

  • ALL [PRIVILEGES]: All Privileges with the exception of GRANT OPTION
  • ALTER
  • ALTER ROUTINE: Allow ALTER or DROP of stored routines (procedures and functions)
  • CREATE: Allow CREATE TABLE and CREATE DATABASE
  • CREATE ROUTINE
  • CREATE TEMPORARY TABLES 
  • CREATE USER: Allow CREATE USER and DROP USER
  • CREATE VIEW 
  • DELETE 
  • DROP: Allow DROP TABLEDROP DATABASE, and DROP VIEW
  • EXECUTE
  • GRANT OPTION
  • INDEX: Allow CREATE INDEX and DROP INDEX
  • INSERT
  • PROCESS: The privilege enables use of SHOW PROCESSLIST and SHOW ENGINES
  • REFERENCES: The creation of a foreign key constraint requires the REFERENCES for the parent table
  • RELOAD: Enable use of FLUSH operations
  • REPLICATION CLIENT: Allow SHOW MASTER STATUS and SHOW SLAVE STATUS
  • REPLICATION SLAVE: Allow reading binary logs
  • SELECT
  • SHOW DATABASES
  • SHOW VIEW: Enables use of the SHOW CREATE VIEW statement
  • SHUTDOWN: Xpand recommends using clx dbstop instead
  • SUPER: Allow administrative commands and grants all privileges associated with the TRIGGER permission
  • TRIGGER
  • UPDATE
  • USAGE

Unsupported Privileges

Xpand ignores the following privileges:

  • CREATE TABLESPACE: Not applicable for Xpand.
  • EVENT: Not applicable for Xpand.
  • LOCK TABLES: Enables the use of explicit LOCK TABLES statements to lock tables for which you have the SELECT privilege.
  • PROXY: Not applicable for Xpand.

Xpand-Specific Privileges

Xpand implements an OSAuth privilege that allows users with this privilege to be authenticated by the OS. This allows a SQL user to log in without a password as long as they have been authenticated as the corresponding OS user.

sql> GRANT OSAUTH ON *.* to 'xpand'@'localhost';

The OSAuth privilege is granted to the database management user (xpandm) for use with clx, and the database daemon user (xpand) for use by statd and XpandGUI. 

Other Differences

  • The _ and % wild cards are not supported in database name specifications.
  • The GRANT statement ignores REQUIRE, if included.
  • The GRANT and REVOKE commands ignore values supplied for column_list and object_type 
  • The DEFINER and SQL SECURITY arguments for views are ignored.
  • The following GRANT WITH options are not supported and generate a syntax error:
    • MAX_QUERIES_PER_HOUR
    • MAX_UPDATES_PER_HOUR
    • MAX_CONNECTIONS_PER_HOUR
    • MAX_USER_CONNECTIONS
    • RENAME USER, CURRENT_USER, CURRENT_USER() and SESSION_USER() are not supported.


  • No labels