doc-exports/docs/dws/dev/dws_04_0058.html
Lu, Huayi a24ca60074 DWS DEVELOPER 811 version
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Lu, Huayi <luhuayi@huawei.com>
Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
2023-01-19 13:37:49 +00:00


<a name="EN-US_TOPIC_0000001098974514"></a>
<h1 class="topictitle1">Roles</h1>
<div id="body8662426"><p id="EN-US_TOPIC_0000001098974514__a0e365e8ec5b84a899bf1a6438fd40b32">A role is a set of permissions. After a role is granted to a user through <strong id="EN-US_TOPIC_0000001098974514__b35816143266">GRANT</strong>, the user has all the permissions of the role. Using roles is the recommended way to grant permissions efficiently. For example, you can create different roles for design, development, and maintenance personnel, grant the roles to users, and then grant the specific data permissions required by different users. When permissions are granted or revoked at the role level, the changes take effect on all members of the role.</p>
<p id="EN-US_TOPIC_0000001098974514__p1682774412408"><span id="EN-US_TOPIC_0000001098974514__text1007343817">GaussDB(DWS)</span> provides an implicitly defined group <strong id="EN-US_TOPIC_0000001098974514__b223948121718">PUBLIC</strong> that contains all roles. By default, all new users and roles have the permissions of <strong id="EN-US_TOPIC_0000001098974514__b64610281810">PUBLIC</strong>. For details about the default permissions of <strong id="EN-US_TOPIC_0000001098974514__b194027579186">PUBLIC</strong>, see GRANT. To revoke permissions of <strong id="EN-US_TOPIC_0000001098974514__b82749347208">PUBLIC</strong> from a user or role, or re-grant these permissions to them, add the <strong id="EN-US_TOPIC_0000001098974514__b933413162120">PUBLIC</strong> keyword in the <strong id="EN-US_TOPIC_0000001098974514__b8673195982114">REVOKE</strong> or <strong id="EN-US_TOPIC_0000001098974514__b1330712567215">GRANT</strong> statement.</p>
<p id="EN-US_TOPIC_0000001098974514__af29398cff1464bd1ba13906817e39c79">To view all roles, query the system catalog <strong id="EN-US_TOPIC_0000001098974514__b144855413292">PG_ROLES</strong>.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001098974514__sd4f5e25ffae840afadfe668712024ec2"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">PG_ROLES</span><span class="p">;</span><span class="w"></span>
</pre></div></td></tr></table></div>
</div>
<div class="section" id="EN-US_TOPIC_0000001098974514__se88a9cf3a28945eaae15369d7ace068d"><h4 class="sectiontitle">Adding, Modifying, and Deleting Roles</h4><p id="EN-US_TOPIC_0000001098974514__en-us_topic_0155089863_p191418216455">In non-<a href="dws_04_0056.html">separation-of-duty</a> scenarios, a role can be created, modified, and deleted only by a system administrator or a user with the <strong id="EN-US_TOPIC_0000001098974514__b17735165223014">CREATEROLE</strong> attribute. In separation-of-duty scenarios, a role can be created, modified, and deleted only by a user with the <strong id="EN-US_TOPIC_0000001098974514__b255329153219">CREATEROLE</strong> attribute.</p>
<ul id="EN-US_TOPIC_0000001098974514__en-us_topic_0155089863_ul6897143531"><li id="EN-US_TOPIC_0000001098974514__l48433d332d8c4a63ab8bccfb9ed7e7e7">To create a role, use <strong id="EN-US_TOPIC_0000001098974514__b454185923013">CREATE ROLE</strong>.</li><li id="EN-US_TOPIC_0000001098974514__l3f05a2ec584544ceacea89d45ad143d1">To add or delete users in an existing role, use <strong id="EN-US_TOPIC_0000001098974514__b18945163313717">ALTER ROLE</strong>.</li><li id="EN-US_TOPIC_0000001098974514__l5936019333fb45c88778ced832eaf0aa">To delete a role, use <strong id="EN-US_TOPIC_0000001098974514__b1991491375">DROP ROLE</strong>. <strong id="EN-US_TOPIC_0000001098974514__b9835211173319">DROP ROLE</strong> deletes only a role, rather than member users in the role.</li></ul>
</div>
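<p>The role lifecycle described above, from creation to a privilege audit, as an added example that is not part of the original documentation. The schema, table, role, and user names are hypothetical, <code>{Password}</code> is a placeholder, and the audit queries assume the PostgreSQL-compatible columns of <strong>PG_ROLES</strong> and <strong>PG_AUTH_MEMBERS</strong>.</p>

```sql
-- Added example: all object, role, and user names below are hypothetical.
-- Run as a system administrator or a user with the CREATEROLE attribute.

-- Sample objects to grant permissions on.
CREATE SCHEMA sales;
CREATE TABLE sales.orders (id int, amount numeric(12,2));

-- 1. One role per job function.
CREATE ROLE dev_role IDENTIFIED BY '{Password}';
CREATE ROLE ops_role IDENTIFIED BY '{Password}';

-- 2. Grant object permissions to the roles, not to individual users.
GRANT USAGE ON SCHEMA sales TO dev_role, ops_role;
GRANT SELECT, INSERT, UPDATE ON TABLE sales.orders TO dev_role;
GRANT SELECT ON TABLE sales.orders TO ops_role;

-- 3. Make sure nothing reaches the table through the implicit PUBLIC group.
REVOKE ALL ON TABLE sales.orders FROM PUBLIC;

-- 4. Users receive permissions only through role membership.
CREATE USER alice PASSWORD '{Password}';
GRANT dev_role TO alice;

-- 5. A revoke at the role level takes effect on every member at once.
REVOKE INSERT, UPDATE ON TABLE sales.orders FROM dev_role;

-- 6. Audit: which roles can manage other roles or bypass permission checks?
SELECT rolname, rolsuper, rolcreaterole, rolcanlogin
FROM pg_roles
WHERE rolsuper OR rolcreaterole
ORDER BY rolname;

-- 7. Audit: who is a member of which role?
SELECT r.rolname AS role_name, m.rolname AS member_name
FROM pg_auth_members am
JOIN pg_roles r ON r.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
ORDER BY role_name, member_name;

-- 8. Retire a role: remove its object permissions first, then drop it.
--    Member users are not deleted by DROP ROLE.
REVOKE ALL ON TABLE sales.orders FROM ops_role;
REVOKE ALL ON SCHEMA sales FROM ops_role;
DROP ROLE ops_role;
```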
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dws_04_0053.html">Managing Users and Their Permissions</a></div>
</div>
</div>