1. User authority management
01. Create users and assign permissions
Create users and assign system permissions
创建一个具有创建数据库权限的用户:
CREATE USER joe WITH CREATEDB PASSWORD "GAUSS@123";
Assign object permissions to users
将表student的select权限赋给用户joe:
GRANT SELECT ON TABLE student to joe;
Assign object permissions to roles
将表teacher的select权限赋给角色lily:
GRANT SELECT ON TABLE teacher to lily;
Grant role permissions to users
将角色lily的权限赋给用户joe:
GRANT lily to joe;
02. View user or role permissions
1. Check the system permissions of user joe and execute the following commands:
\du joe
The results are as follows:
List of roles
Role name | Attributes | Member of
-----------+------------+-----------
JOE | Create DB | {
}
Create DB in the result display represents that user joe has the authority to create a database.
2. Execute the following command to switch to user joe
set role joe password "gaussdb@123";
carried out:
SELECT * FROM ALL_OBJECTS WHERE OBJECT_TYPE='TABLE';
The result is as follows, it means the query is successful.
OWNER | OBJECT_NAME | OBJECT_ID | OBJECT_TYPE | NAMESPACE
----------+-------------------------+-----------+-------------+-----------
GAUSSDBA | SQL_PACKAGES | 12898 | TABLE | 12760
GAUSSDBA | PG_ENUM | 3501 | TABLE | 11
GAUSSDBA | PG_LARGEOBJECT | 2613 | TABLE | 11
GAUSSDBA | PG_DIRECTORY | 3222 | TABLE | 11
............
03. Modify users and permissions
To change the system permissions of user joe, add the system permissions for creating users to it and remove the system permissions for creating data, execute the following command:
ALTER USER joe WITH NOCREATEDB CREATEROLE PASSWORD "Gauss@123";
04. Delete user
To delete a user joe, execute the following command:
DROP USER joe;