Grant or revoke access to table writes using SQL statements.
Tableland allows for some SQL-based access control, along with smart contracts controllers. Developers can provision access to certain addresses using the
REVOKE keywords, which defines high-level write permissions. Only the owner can write this access control query.
To grant permissions for all table mutation abilities, you can make a write query that follows the general format below. Namely, you set the rules for
DELETE permissions on a specific table to a specific onchain address. Keep in mind the
0x address should be treated as a
TEXT value and wrapped in single quotes, and the examples below show
0xYOUR_EVM_ADDRESS but be sure to update this accordingly with the correct EVM address.
The primary difference between the keywords is the following:
GRANT: Allows the caller to grant an address permissions on a table.
REVOKE: Removes any of the privileges that were enabled for an address by way of
At this time, the most robust features are only available at the smart contract level.
GRANT permissions for all table mutation abilities, you can execute a query that defines all write possibilities to an address.
Perhaps at a point in the future, you decide to
REVOKE the permission to
DELETE rows via another access control write query:
For more information on
REVOKE, see the SQL specification.
At a lower level, it's possible to set a custom controller using a smart contract. Once a smart contract controller has been configured for a table, it takes precedence over any
REVOKE statements. If that smart contract controller is ever removed and set back to its initial value ("unsetting" to the
0x0 address), the
REVOKE statements go back into effect. Again, what's described here with controllers and setting/unsetting is only possible at the smart contract level and does not happen with pure SQL.