Stay organized with collections
Save and categorize content based on your preferences.
This page explains how fine-grained access control works with
Spanner sequences for GoogleSQL-dialect databases and PostgreSQL-dialect databases.
For fine-grained access control users, you can grant either one or both of the
following privileges to allow access to read sequence information or
generate values from the sequence.
Grant SELECT on the sequence to allow read access to the parameters
and current state of the sequence.
The following table contains details about which privileges you require when
performing a specific sequence operations.
Operation
Privilege requirements
GoogleSQL:
GET_NEXT_SEQUENCE_VALUE()
PostgreSQL:
nextval()
Requires an UPDATE or SELECT privilege on the
sequence. Note that if you execute this function through generated columns
or default values, you also need to have an INSERT or
UPDATE privilege on the column. An UPDATE
privilege on a sequence doesn't automatically grant any privilege on the
columns where you want to use the sequence.
GoogleSQL:
GET_INTERNAL_SEQUENCE_STATE()
PostgreSQL:
spanner.get_internal_sequence_state()
Requires the SELECT privilege on the sequence that you
request.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[],[],null,["# Fine-grained access control for sequences\n\nThis page explains how [fine-grained access control](/spanner/docs/fgac-about) works with\nSpanner sequences for GoogleSQL-dialect databases and PostgreSQL-dialect databases.\n\nFor fine-grained access control users, you can grant either one or both of the\nfollowing privileges to allow access to read sequence information or\ngenerate values from the sequence.\n\n- Grant `SELECT` on the sequence to allow read access to the parameters\n and current state of the sequence.\n\n ### GoogleSQL\n\n ```sql\n GRANT SELECT ON SEQUENCE SEQUENCE_NAME TO ROLE ROLE_NAME;\n ```\n\n ### PostgreSQL\n\n ```sql\n GRANT SELECT ON SEQUENCE SEQUENCE_NAME TO ROLE_NAME;\n ```\n- Grant `UPDATE` on the sequence to allow calls to the sequence value\n generator.\n\n ### GoogleSQL\n\n ```sql\n GRANT UPDATE ON SEQUENCE SEQUENCE_NAME TO ROLE ROLE_NAME;\n ```\n\n ### PostgreSQL\n\n ```sql\n GRANT UPDATE ON SEQUENCE SEQUENCE_NAME TO ROLE_NAME;\n ```\n\nRequired privileges for sequence operations\n-------------------------------------------\n\nThe following table contains details about which privileges you require when\nperforming a specific sequence operations.\n\nWhat's next\n-----------\n\n- Learn more about using [sequences](/spanner/docs/primary-key-default-value#bit-reversed-sequence) in Spanner.\n- Learn about `SEQUENCE` for [GoogleSQL](/spanner/docs/reference/standard-sql/data-definition-language#sequence_statements) or [PostgreSQL](/spanner/docs/reference/postgresql/data-definition-language#sequence_statements).\n- Learn about sequence functions in [GoogleSQL](/spanner/docs/reference/standard-sql/sequence_functions) or [PostgreSQL](/spanner/docs/reference/postgresql/functions-and-operators#sequence).\n- Learn about sequences in the `INFORMATION_SCHEMA` in [GoogleSQL](/spanner/docs/information-schema#sequences) or [PostgreSQL](/spanner/docs/information-schema-pg#sequences)."]]
