vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/dws/dev/dws_04_0055.html
Lu, Huayi ef0ada5a59 DWS DEV 20240716 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: Lu, Huayi <luhuayi@huawei.com>
Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
2024-11-02 09:07:47 +00:00

60 lines
10 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000001531181593"></a><a name="EN-US_TOPIC_0000001531181593"></a>
<h1 class="topictitle1">Database Users</h1>
<div id="body8662426"><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p254220444810">Without separation of permissions, GaussDB(DWS) supports two types of database accounts: administrator and common user. For details about user types and permissions under separation of permissions, see <a href="dws_04_0056.html#EN-US_TOPIC_0000001480501210">Separation of Permissions</a>.</p>
<ul id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_ul1868561754819"><li id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_li968617177487">The administrator can manage all common users and databases.</li><li id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_li20686201718485">Common users can connect to and access the database, and perform specific database operations and execute SQL statements after being authorized.</li></ul>
<p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p81191305346">Users are authenticated when they log in to the <span id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_text861939956">GaussDB(DWS)</span> database. A user can own databases and database objects (such as tables), and grant permissions of these objects to other users and roles. In addition to system administrators, users with the <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b50960243011512">CREATEDB</strong> attribute can create databases and grant permissions to these databases.</p>
<div class="section" id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_section6579918144510"><h4 class="sectiontitle">Database User Types</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_table15592195131713" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Database user types</caption><thead align="left"><tr id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_row15931501711"><th align="left" class="cellrowborder" valign="top" width="10%" id="mcps1.3.4.2.2.5.1.1"><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p195942514179">User Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.2.2.5.1.2"><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p1117103952910">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="35%" id="mcps1.3.4.2.2.5.1.3"><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p8594185111719">Allowed Operations</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="35%" id="mcps1.3.4.2.2.5.1.4"><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p47771456153619">How to Create</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_row20594135111713"><td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.4.2.2.5.1.1 "><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p17594115191710">Administrator <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b13783125852518">dbadmin</strong></p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.2.2.5.1.2 "><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p269073052517">An administrator, also called a system administrator, is an account with the <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b7617351135413">SYSADMIN </strong>attribute.</p>
</td>
<td class="cellrowborder" valign="top" width="35%" headers="mcps1.3.4.2.2.5.1.3 "><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p1159535141712">If separation of permissions is not enabled, this account has the highest permission in the system and can perform all operations. The system administrator has the same permissions as the object owner.</p>
</td>
<td class="cellrowborder" valign="top" width="35%" headers="mcps1.3.4.2.2.5.1.4 "><ul id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_ul131441459202914"><li id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_li166343714309">User <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b115595432618">dbadmin </strong>created during cluster creation on the GaussDB(DWS) management console is a system administrator.</li><li id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_li7145125922912">Use the <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b1719124812274">CREATE USER</strong> or <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b17456205018273">ALTER USER</strong> syntax to create an administrator.<pre class="screen" id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_screen4761145817259">CREATE USER <em id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_i276173315223">sysadmin</em> WITH SYSADMIN password '<em id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_i1996392214229">{Password}</em>';</pre>
<pre class="screen" id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_screen13261582272">ALTER USER <em id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_i984410118232">u1</em> SYSADMIN;</pre>
</li></ul>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_row195951541715"><td class="cellrowborder" rowspan="2" valign="top" width="10%" headers="mcps1.3.4.2.2.5.1.1 "><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p14595105161717">Common user</p>
<p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p252715354720"></p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.2.2.5.1.2 "><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p15951358173">Common user</p>
</td>
<td class="cellrowborder" valign="top" width="35%" headers="mcps1.3.4.2.2.5.1.3 "><ul id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_ul89611910203412"><li id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_li79612101346">Use a tool to connect to the database.</li><li id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_li12962161018343">Have the attributes of specific database system operations, such as <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b104293028181852">CREATEDB</strong>, <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b42385387881852">CREATEROLE</strong>, and <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b50948786081852">SYSADMIN</strong>.</li><li id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_li1296213107340">Access database objects.</li><li id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_li12962141018344">Run SQL statements.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="35%" headers="mcps1.3.4.2.2.5.1.4 "><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p677765611364">Run the <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b20486135515299">CREATE USER</strong> syntax to create a common user.</p>
<pre class="screen" id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_screen191761133172618">CREATE USER <em id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_i53382048174113">u1</em> PASSWORD '<em id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_i36631725181012">{Password}</em>';</pre>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_row4526113194710"><td class="cellrowborder" valign="top" headers="mcps1.3.4.2.2.5.1.1 "><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p0409347152715">Private user</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.4.2.2.5.1.2 "><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p291652416506">A user created with the <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b23721642311512">INDEPENDENT</strong> attribute in non-separation-of-permissions mode.</p>
<p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p11108114315012">Database administrators can manage (<strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b205609301211512">DROP</strong>, <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b212561601811512">ALTER</strong>, and <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b191003805911512">TRUNCATE</strong>) objects of private users but cannot access (<strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b32776326711512">INSERT</strong>, <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b4193836311512">DELETE</strong>, <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b184949162111512">SELECT</strong>, <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b150389627111512">UPDATE</strong>, <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b1423971711512">COPY</strong>, <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b210071563211512">GRANT</strong>, <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b207253897111512">REVOKE</strong>, and <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b107328697511512">ALTER OWNER</strong>) the objects before being authorized.</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.4.2.2.5.1.3 "><p id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_p147114710272">Use the <strong id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_b738085810321">CREATE USER</strong> syntax to create a private user.</p>
<pre class="screen" id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_screen1953020257272">CREATE USER <em id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_i470265417105">user_independent </em>WITH INDEPENDENT<em id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_i2036937171113"> </em>IDENTIFIED BY '<em id="EN-US_TOPIC_0000001531181593__en-us_topic_0000001188323750_i270255412103">{Password}'</em>;</pre>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dws_04_0053.html">Managing Users and Their Permissions</a></div>
</div>
</div>
View Git Blame Copy Permalink