forked from docs/doc-exports
Lu, Huayi
a24ca60074
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Lu, Huayi <luhuayi@huawei.com> Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
17 lines
3.7 KiB
HTML
17 lines
3.7 KiB
HTML
<a name="EN-US_TOPIC_0000001099134980"></a><a name="EN-US_TOPIC_0000001099134980"></a>
|
|
|
|
<h1 class="topictitle1">Default Permission Mechanism</h1>
|
|
<div id="body8662426"><p id="EN-US_TOPIC_0000001099134980__p101295419267">A user who creates an object is the owner of this object. By default, <a href="dws_04_0056.html">Separation of Permissions</a> is disabled after cluster installation. A database system administrator has the same permissions as object owners. After an object is created, only the object owner or system administrator can query, modify, and delete the object, and grant permissions for the object to other users through <strong id="EN-US_TOPIC_0000001099134980__b9556629162810">GRANT</strong> by default.</p>
|
|
<p id="EN-US_TOPIC_0000001099134980__a45227246018148928ad6033926a11b30">To enable another user to use the object, grant required permissions to the user or the role that contains the user.</p>
|
|
<p id="EN-US_TOPIC_0000001099134980__aacde223903c84a3b9173c934213a0dfd"><span id="EN-US_TOPIC_0000001099134980__text53201100">GaussDB(DWS)</span> supports the following permissions: <strong id="EN-US_TOPIC_0000001099134980__b1426917214249">SELECT</strong>, <strong id="EN-US_TOPIC_0000001099134980__b92697210246">INSERT</strong>, <strong id="EN-US_TOPIC_0000001099134980__b1426913215245">UPDATE</strong>, <strong id="EN-US_TOPIC_0000001099134980__b1527017252412">DELETE</strong>, <strong id="EN-US_TOPIC_0000001099134980__b22702232415">TRUNCATE</strong>, <strong id="EN-US_TOPIC_0000001099134980__b627014282413">REFERENCES</strong>, <strong id="EN-US_TOPIC_0000001099134980__b1027114232419">CREATE</strong>, <strong id="EN-US_TOPIC_0000001099134980__b15271122112419">CONNECT</strong>, <strong id="EN-US_TOPIC_0000001099134980__b1627112212247">EXECUTE</strong>, <strong id="EN-US_TOPIC_0000001099134980__b1727182162418">USAGE</strong> and <strong id="EN-US_TOPIC_0000001099134980__b12721824243">ANALYZE</strong>|<strong id="EN-US_TOPIC_0000001099134980__b62721328241">ANALYSE</strong>. Permission types are associated with object types. For permission details, see GRANT.</p>
|
|
<p id="EN-US_TOPIC_0000001099134980__a3188c787c3ae4532a0b24724dce9cb59">To remove permissions, use <strong id="EN-US_TOPIC_0000001099134980__b12974172515288">REVOKE</strong>. Object owner permissions such as <strong id="EN-US_TOPIC_0000001099134980__b49241749144815">ALTER</strong>, <strong id="EN-US_TOPIC_0000001099134980__b20924164974812">DROP</strong>, <strong id="EN-US_TOPIC_0000001099134980__b2924849114818">GRANT</strong>, and <strong id="EN-US_TOPIC_0000001099134980__b1692534924819">REVOKE</strong> are implicit and cannot be granted or revoked. That is, you have the implicit permissions for an object if you are the owner of the object. Object owners can remove their own common permissions, for example, making tables read-only to themselves or others.</p>
|
|
<p id="EN-US_TOPIC_0000001099134980__en-us_topic_0155088780_p848218311083">System catalogs and views are visible to either system administrators or all users. System catalogs and views that require system administrator permissions can be queried only by system administrators. For details, see <a href="dws_04_0559.html">System Catalogs and System Views</a>.</p>
|
|
<p id="EN-US_TOPIC_0000001099134980__p1995746192320">The database provides the object isolation feature. If this feature is enabled, users can view only the objects (tables, views, columns, and functions) that they have the permission to access. System administrators are not affected by this feature. For details, see ALTER DATABASE.</p>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="dws_04_0053.html">Managing Users and Their Permissions</a></div>
|
|
</div>
|
|
</div>
|
|
|