---

slug: /ai-function-permission
---

# AI function privileges

This topic describes the AI function privileges, including  `AI MODEL` and `ACCESS AI MODEL`, which are used for managing AI models and calling AI functions, respectively.

## AI MODEL

AI MODEL privileges are used for managing AI models. These include three specific privileges: `CREATE AI MODEL`, `ALTER AI MODEL`, and `DROP AI MODEL`.

### Syntax

The syntax for granting privileges is as follows:

```sql
-- Grant the privilege to create an AI model.
GRANT CREATE AI MODEL ON *.* TO 'username'@'host';

-- Grant the privilege to change an AI model.
GRANT ALTER AI MODEL ON *.* TO 'username'@'host';

-- Grant the privilege to drop an AI model.
GRANT DROP AI MODEL ON *.* TO 'username'@'host';

GRANT CREATE AI MODEL, ALTER AI MODEL, DROP AI MODEL ON *.* TO 'username'@'host';
```

The syntax for revoking privileges is as follows:

```sql
-- Revoke the privilege to create an AI model.
REVOKE CREATE AI MODEL ON *.* FROM 'username'@'host';

-- Revoke the privilege to change an AI model.
REVOKE ALTER AI MODEL ON *.* FROM 'username'@'host';

-- Revoke the privilege to drop an AI model.
REVOKE DROP AI MODEL ON *.* FROM 'username'@'host';

-- Check the privileges.
SHOW GRANTS FOR 'username'@'host';
```

### Examples

1. Create a user.

    ```sql
    CREATE USER test_ai_user@'%' IDENTIFIED BY '123456';
    ```

2. Log in as the `test_ai_user` user.

    ```sql
    obclient -h 127.0.0.1 -P 2881 -u test_ai_user@'%' -p *** -A -D test;
    ```

3. Call the `CREATE_AI_MODEL_ENDPOINT` procedure.

    ```sql
    CALL DBMS_AI_SERVICE.CREATE_AI_MODEL_ENDPOINT (
        ->   'user_ai_model_endpoint_1', '{
        '>     "ai_model_name": "my_model1",
        '>     "url": "https://https://api.deepseek.com",
        '>     "access_key": "sk-xxxxxxxxxxxx",
        '>     "request_model_name": "deepseek-chat",
        '>     "provider": "deepseek"
        '>   }');
    ```

    Since the user does not have the `CREATE AI MODEL` privilege, an error is returned:

    ```shell
    ERROR 42501: Access denied; you need (at least one of) the create ai model endpoint privilege(s) for this operation
    ```

4. Grant the `CREATE AI MODEL` privilege to the `test_ai_user` user.

    ```sql
    GRANT CREATE AI MODEL ON *.* TO test_ai_user@'%';
    ```

5. Verify the privilege.

    ```sql
    CALL DBMS_AI_SERVICE.CREATE_AI_MODEL_ENDPOINT (
        ->   'user_ai_model_endpoint_1', '{
        '>     "ai_model_name": "my_model1",
        '>     "url": "https://https://api.deepseek.com",
        '>     "access_key": "sk-xxxxxxxxxxxx",
        '>     "request_model_name": "deepseek-caht",
        '>     "provider": "deepseek"
        '>   }');
    ```

    This time, the statement executes successfully.

## ACCESS AI MODEL

The `ACCESS AI MODEL` privilege is used for calling AI functions, including `AI_COMPLETE`, `AI_EMBED`, `AI_RERANK`, and `AI_PROMPT`.

### Syntax

The syntax for granting this privilege is as follows:

```sql
GRANT ACCESS AI MODEL ON *.* TO 'username'@'host';
```

The syntax for revoking this privilege is as follows:

```sql
REVOKE ACCESS AI MODEL ON *.* FROM 'username'@'host';
```

### Examples

1. Call the `AI_COMPLETE` function.

    ```sql
    SELECT AI_COMPLETE("ob_complete","Your task is to perform sentiment analysis on the provided text and determine whether the sentiment is positive or negative.
    The text to analyze is as follows:
    <text>
    What a beautiful day!
    </text>
    Judgment criteria:
    If the text expresses a positive sentiment, output 1; if it expresses a negative sentiment, output -1. Do not output anything else.\n") AS ans;
    ```

    Since the user does not have the `ACCESS AI MODEL` privilege, an error is returned:

    ```shell
    ERROR 42501: Access denied; you need (at least one of) the access ai model endpoint privilege(s) for this operation
    ```

2. Grant the `ACCESS AI MODEL` privilege to the `test_ai_user` user.

    ```sql
    GRANT ACCESS AI MODEL ON *.* TO test_ai_user@'%';
    ```

3. Verify the privilege.

    ```sql
    SELECT AI_COMPLETE("ob_complete","Your task is to perform sentiment analysis on the provided text and determine whether the sentiment is positive or negative.
    The text to analyze is as follows:
    <text>
    What a beautiful day!
    </text>
    Judgment criteria:
    If the text expresses a positive sentiment, output 1; if it expresses a negative sentiment, output -1. Do not output anything else.\n") AS ans;
    ```

    This time, the statement executes successfully.

    ```sql
    +-----+
    | ans |
    +-----+
    | 1   |
    +-----+
    ```