forked from docs/doc-exports
Lu, Huayi
ef0ada5a59
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Co-authored-by: Lu, Huayi <luhuayi@huawei.com> Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
60 lines
14 KiB
HTML
60 lines
14 KiB
HTML
<a name="EN-US_TOPIC_0000001480021754"></a><a name="EN-US_TOPIC_0000001480021754"></a>
|
|
|
|
<h1 class="topictitle1">User Management</h1>
|
|
<div id="body8662426"><p id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_p1868572342914">You can use <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b177176812178">CREATE USER</strong> and <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b20717186172">ALTER USER</strong> to create and manage database users.</p>
|
|
<ul id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_ul18954124143010"><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li495444203012">In the non-<a href="dws_04_0056.html#EN-US_TOPIC_0000001480501210">separation-of-permission</a> mode, a <span id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_text10257114155518">GaussDB(DWS)</span> user account can be created and deleted only by a system administrator or a security administrator with the <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b192571420555">CREATEROLE</strong> attribute.</li><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li99541347309">In separation-of-permission mode, a user account can be created only by a security administrator.</li></ul>
|
|
<div class="section" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_s5a76876c562240bb9a03705a6487337f"><h4 class="sectiontitle">Creating a User</h4><p id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_p1573314153610">The <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b962032611406">CREATE USER</strong> statement is used to create a GaussDB (DWS) user. After creating a user, you can use the user to connect to the database.</p>
|
|
<ul id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_u4bfa4d1112af43318dd434b9cfffcbf0"><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li116850349186">Create common user <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b3419153524014">u1</strong> and assign the <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b113871438124015">CREATEDB </strong>attribute to the user.<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_s892d131194b3404fa2acfc6472700f9f"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="k">WITH</span><span class="w"> </span><span class="k">CREATEDB</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span><span class="w"> </span>
|
|
</pre></div></td></tr></table></div>
|
|
</div>
|
|
</li><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_lccbf77bee88541569c5e40005095843d">To create the system administrator <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b4538194264020">mydbadmin</strong>, you need to specify the <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b095615443403">SYSADMIN </strong>parameter.<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_screen325453331915"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">mydbadmin</span><span class="w"> </span><span class="n">sysadmin</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
|
|
</pre></div></td></tr></table></div>
|
|
</div>
|
|
</li><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li497513519333">View the created user in the <a href="dws_04_0791.html">PG_USER</a> view.<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_screen35510488336"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">pg_user</span><span class="p">;</span>
|
|
</pre></div></td></tr></table></div>
|
|
</div>
|
|
</li><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li198021759132313">To view user attributes, query the system catalog <a href="dws_04_0574.html">PG_AUTHID</a>.<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_screen1480295916239"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">pg_authid</span><span class="p">;</span><span class="w"> </span>
|
|
</pre></div></td></tr></table></div>
|
|
</div>
|
|
</li></ul>
|
|
</div>
|
|
<div class="section" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_section177791258171313"><h4 class="sectiontitle">Altering User Attributes</h4><p id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_p02921820161416">The <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b17869132174116">ALTER USER</strong> statement is used to alter user attributes, such as changing user passwords or permissions.</p>
|
|
<p id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_p19125111219143">Example:</p>
|
|
<ul id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_ul8921195210312"><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li292145233116">Rename user <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b161931737104020">u1</strong> to <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b93511839104011">u2</strong>.<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_en-us_topic_0000001082926733_s1aa0fa851c7f45c9aac01f563e469336"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="k">RENAME</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">u2</span><span class="p">;</span>
|
|
</pre></div></td></tr></table></div>
|
|
</div>
|
|
</li><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li39221752183118">Grant the <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b655711156422">CREATEROLE</strong> permission to user <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b0818131814425">u1</strong>:<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_screen2649718142220"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="n">CREATEROLE</span><span class="p">;</span>
|
|
</pre></div></td></tr></table></div>
|
|
</div>
|
|
</li><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li238439133819">For details about how to change the user password, see <a href="dws_04_0063.html#EN-US_TOPIC_0000001531101121__en-us_topic_0000001188482292_section1897910435417">Setting and Changing a Password</a>.</li></ul>
|
|
</div>
|
|
<div class="section" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_section5530258152512"><h4 class="sectiontitle">Locking a User</h4><p id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_p583454519420">The <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b156216105177">ACCOUNT LOCK</strong> | <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b434581371710">ACCOUNT UNLOCK</strong> parameter in the statement is used to lock or unlock a user. A locked user cannot log in to the system. If an account is stolen or illegally accessed, the administrator can manually lock the account. After the account is secured, the administrator can manually unlock the account.</p>
|
|
<p id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_a965c39fa6c1b485d9531984163b5df7b">Example:</p>
|
|
<ul id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_ul56140553218"><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li4615175133217">To lock user <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b515120719181">u1</strong>, run the following command:<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_sd7a7a6ffd93848ec82772e85e1152046"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="n">ACCOUNT</span><span class="w"> </span><span class="k">LOCK</span><span class="p">;</span>
|
|
</pre></div></td></tr></table></div>
|
|
</div>
|
|
</li><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li62371119328">To unlock user <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b293139141812">u1</strong>, run the following command:<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_sfbbbae6fbe514ae7865f2696ee6b9e4c"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="n">ACCOUNT</span><span class="w"> </span><span class="n">UNLOCK</span><span class="p">;</span>
|
|
</pre></div></td></tr></table></div>
|
|
</div>
|
|
</li></ul>
|
|
</div>
|
|
<div class="section" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_section1365185119379"><h4 class="sectiontitle">Deleting a User</h4><p id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_p114873574371">The <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b1520929122217">DROP USER</strong> statement is used to delete one or more GaussDB(DWS) users. An administrator can delete an account that is no longer used. Deleted users cannot be restored.</p>
|
|
<ul id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_ul41936112209"><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li171932192015">If multiple users are deleted at the same time, separate them with commas (,).</li><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li11193101142015">After a user is deleted successfully, all the permissions of the user are also deleted.</li><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li1299164410401">When an account to be deleted is in the active state, it is deleted after the session is disconnected.</li><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li6974145124118">When <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b663378102316">CASCADE </strong>is specified in the <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b1193303212315">DROP USER</strong> statement, objects such as tables that depend on the user will be deleted. That is, the objects whose owner is the user are deleted, and the authorizations of other objects to the user are also deleted.</li></ul>
|
|
<p id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_p1545712420105">Example:</p>
|
|
<ul id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_ul19914101516326"><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li129141815183214">-- Delete user <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b209671513122518">u1</strong>.<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_screen12472141917136"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">DROP</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u1</span><span class="p">;</span>
|
|
</pre></div></td></tr></table></div>
|
|
</div>
|
|
</li></ul>
|
|
<ul id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_ul13205121973219"><li id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_li2205101943217">Delete account <strong id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_b321421822517">u2</strong> in a cascading manner.<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001480021754__en-us_topic_0000001233563239_saf2296eb7a554757b09ed7c4f05c4816"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">DROP</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u2</span><span class="w"> </span><span class="k">CASCADE</span><span class="p">;</span>
|
|
</pre></div></td></tr></table></div>
|
|
</div>
|
|
</li></ul>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="dws_04_0053.html">Managing Users and Their Permissions</a></div>
|
|
</div>
|
|
</div>
|
|
|