zhongwei/gh-oceanbase-ecology-plugins-seekdb-claudecode-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eb309b7b59de2cee1af131794b6a3d48589d5961
gh-oceanbase-ecology-plugin…/skills/seekdb-docs/official-docs/200.develop/300.ai-function/100.ai-function-permission.md
Zhongwei Li eb309b7b59 Initial commit
2025-11-30 08:44:54 +08:00

165 lines
4.5 KiB
Markdown
Raw Blame History

---
slug: /ai-function-permission
---
# AI function privileges
This topic describes the AI function privileges, including `AI MODEL` and `ACCESS AI MODEL`, which are used for managing AI models and calling AI functions, respectively.
## AI MODEL
AI MODEL privileges are used for managing AI models. These include three specific privileges: `CREATE AI MODEL`, `ALTER AI MODEL`, and `DROP AI MODEL`.
### Syntax
The syntax for granting privileges is as follows:
```sql
-- Grant the privilege to create an AI model.
GRANT CREATE AI MODEL ON *.* TO 'username'@'host';
-- Grant the privilege to change an AI model.
GRANT ALTER AI MODEL ON *.* TO 'username'@'host';
-- Grant the privilege to drop an AI model.
GRANT DROP AI MODEL ON *.* TO 'username'@'host';
GRANT CREATE AI MODEL, ALTER AI MODEL, DROP AI MODEL ON *.* TO 'username'@'host';
```
The syntax for revoking privileges is as follows:
```sql
-- Revoke the privilege to create an AI model.
REVOKE CREATE AI MODEL ON *.* FROM 'username'@'host';
-- Revoke the privilege to change an AI model.
REVOKE ALTER AI MODEL ON *.* FROM 'username'@'host';
-- Revoke the privilege to drop an AI model.
REVOKE DROP AI MODEL ON *.* FROM 'username'@'host';
-- Check the privileges.
SHOW GRANTS FOR 'username'@'host';
```
### Examples
1. Create a user.
```sql
CREATE USER test_ai_user@'%' IDENTIFIED BY '123456';
```
2. Log in as the `test_ai_user` user.
```sql
obclient -h 127.0.0.1 -P 2881 -u test_ai_user@'%' -p *** -A -D test;
```
3. Call the `CREATE_AI_MODEL_ENDPOINT` procedure.
```sql
CALL DBMS_AI_SERVICE.CREATE_AI_MODEL_ENDPOINT (
-> 'user_ai_model_endpoint_1', '{
'> "ai_model_name": "my_model1",
'> "url": "https://https://api.deepseek.com",
'> "access_key": "sk-xxxxxxxxxxxx",
'> "request_model_name": "deepseek-chat",
'> "provider": "deepseek"
'> }');
```
Since the user does not have the `CREATE AI MODEL` privilege, an error is returned:
```shell
ERROR 42501: Access denied; you need (at least one of) the create ai model endpoint privilege(s) for this operation
```
4. Grant the `CREATE AI MODEL` privilege to the `test_ai_user` user.
```sql
GRANT CREATE AI MODEL ON *.* TO test_ai_user@'%';
```
5. Verify the privilege.
```sql
CALL DBMS_AI_SERVICE.CREATE_AI_MODEL_ENDPOINT (
-> 'user_ai_model_endpoint_1', '{
'> "ai_model_name": "my_model1",
'> "url": "https://https://api.deepseek.com",
'> "access_key": "sk-xxxxxxxxxxxx",
'> "request_model_name": "deepseek-caht",
'> "provider": "deepseek"
'> }');
```
This time, the statement executes successfully.
## ACCESS AI MODEL
The `ACCESS AI MODEL` privilege is used for calling AI functions, including `AI_COMPLETE`, `AI_EMBED`, `AI_RERANK`, and `AI_PROMPT`.
### Syntax
The syntax for granting this privilege is as follows:
```sql
GRANT ACCESS AI MODEL ON *.* TO 'username'@'host';
```
The syntax for revoking this privilege is as follows:
```sql
REVOKE ACCESS AI MODEL ON *.* FROM 'username'@'host';
```
### Examples
1. Call the `AI_COMPLETE` function.
```sql
SELECT AI_COMPLETE("ob_complete","Your task is to perform sentiment analysis on the provided text and determine whether the sentiment is positive or negative.
The text to analyze is as follows:
<text>
What a beautiful day!
</text>
Judgment criteria:
If the text expresses a positive sentiment, output 1; if it expresses a negative sentiment, output -1. Do not output anything else.\n") AS ans;
```
Since the user does not have the `ACCESS AI MODEL` privilege, an error is returned:
```shell
ERROR 42501: Access denied; you need (at least one of) the access ai model endpoint privilege(s) for this operation
```
2. Grant the `ACCESS AI MODEL` privilege to the `test_ai_user` user.
```sql
GRANT ACCESS AI MODEL ON *.* TO test_ai_user@'%';
```
3. Verify the privilege.
```sql
SELECT AI_COMPLETE("ob_complete","Your task is to perform sentiment analysis on the provided text and determine whether the sentiment is positive or negative.
The text to analyze is as follows:
<text>
What a beautiful day!
</text>
Judgment criteria:
If the text expresses a positive sentiment, output 1; if it expresses a negative sentiment, output -1. Do not output anything else.\n") AS ans;
```
This time, the statement executes successfully.
```sql
+-----+
| ans |
+-----+
| 1 |
+-----+
```
Reference in New Issue View Git Blame Copy Permalink