GRANT & REVOKE in the GaussDB database

Table of contents

1. Overview of GaussDB permissions

2. GaussDB permission design suggestions

3. The GRANT command of GaussDB

1. Function description

2. Precautions

3. Common grammar

4. The REVOKE command of GaussDB

1. Function description

2. Precautions

3. Common grammar

5. GaussDB examples

1. GRANT statement example

2. REVOKE statement example

1. Overview of GaussDB permissions

In the database, the creator of an object becomes its owner and has the right to query, modify and delete it. The system administrator has the same rights as the owner. For any other user to use the object, that user, or a role the user belongs to, must be granted the necessary privileges.

GaussDB database object permissions:


The owner's privileges on an object (such as ALTER, DROP, COMMENT, INDEX, VACUUM, GRANT and REVOKE) are implicit: whoever owns the object can perform these operations without an explicit grant. Owners can revoke their own ordinary privileges (SELECT, INSERT and so on) on the object.
To take back privileges that have been granted, use REVOKE.

System tables and system views are either only visible to system administrators or visible to all users. Only system administrators can query the system tables and views that require system administrator privileges.

The database provides the feature of object isolation. When the object isolation feature is enabled, users can only view objects (tables, views, fields, functions) that they have permission to access, and system administrators are not affected.

It is not recommended that users modify the permissions of system tables and system views.

2. GaussDB permission design suggestions

Before an application goes live, the database, the schema (SCHEMA) and the user (USER) must be created by the system administrator account. The users concerned then have to be granted the privileges they need on the objects. A user who does not own a schema needs both USAGE on the schema and the relevant privileges on the objects inside it before those objects can be accessed.

Use lowercase for DATABASE, SCHEMA and USER names. Unquoted identifiers are folded to lowercase when the object is created, so a connection string that spells the database or user name in uppercase will not match and the connection fails.

When granting rights to roles and users, the principle of least privilege should be used.

Manage privileges through roles first: grant the privileges to a role, then assign the role to users. The reasons are:

  1. Roles and users have a many-to-many relationship. A role can be assigned to many users, and when the privileges of the role change, every user holding that role picks up the change at once.
  2. Deleting a user does not affect the role.
  3. A newly created user obtains all required privileges simply by being assigned the role.

When deleting a specified database, the user's CONNECT permission to the database should be revoked to avoid failure due to active database connections still existing during deletion.
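The procedure above (create the objects as administrator, grant USAGE on the schema plus the object privileges to a role, assign the role to users, and revoke CONNECT before dropping the database) written out end to end. This is an added example, not code from the original post; the database `appdb`, schema `app`, table `app.orders`, role `app_reader`, user `app_user` and the placeholder passwords are assumptions, and the passwords must satisfy the instance's password policy.

```sql
-- Added example: least-privilege read access via a role. All object names and
-- the passwords below are placeholders for illustration, not from the original post.
-- Run as the system administrator.

-- 1. A role carries the privileges; it cannot log in itself.
CREATE ROLE app_reader NOLOGIN PASSWORD 'Placeholder_Pwd_1';

-- 2. The role needs CONNECT on the database and USAGE on the schema before
--    any table privilege inside that schema becomes usable.
GRANT CONNECT ON DATABASE appdb TO app_reader;
GRANT USAGE ON SCHEMA app TO app_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA app TO app_reader;

-- 3. Users receive the role, not individual grants. Changing the role later
--    changes the effective privileges of every member at once.
CREATE USER app_user PASSWORD 'Placeholder_Pwd_2';
GRANT app_reader TO app_user;

-- 4. Check the effective privilege of the user (role membership is inherited
--    by default): SELECT should be allowed, INSERT should not.
SELECT has_table_privilege('app_user', 'app.orders', 'SELECT') AS can_read,
       has_table_privilege('app_user', 'app.orders', 'INSERT') AS can_write;

-- 5. Before dropping the database, revoke CONNECT so that no new sessions can
--    be opened while the remaining connections are being closed.
REVOKE CONNECT ON DATABASE appdb FROM app_reader;
```

The verification step matters more than it looks: `GRANT SELECT ON ALL TABLES IN SCHEMA` only covers tables that exist at the time of the grant, so re-run the check after new tables are created (or use ALTER DEFAULT PRIVILEGES for the schema).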

3. The GRANT command of GaussDB

1. Function description

1 ) Authorize system privileges to roles or users

System permissions are also called user attributes, including SYSADMIN, CREATEDB, CREATEROLE, AUDITADMIN, MONADMIN, OPRADMIN, POLADMIN, INHERIT, REPLICATION, VCADMIN, and LOGIN.

System privileges are normally set through the CREATE/ALTER ROLE syntax. Among them, SYSADMIN can also be granted or revoked with GRANT/REVOKE ALL PRIVILEGES. System privileges are not inherited through role membership, and they cannot be granted to PUBLIC.

2 ) Authorize database objects to roles or users

Grant privileges on database objects (tables and views, individual columns, databases, functions, schemas, tablespaces and so on) to specific roles or users.

The GRANT command grants specific privileges on database objects to one or more roles. These permissions are appended to existing permissions.

The keyword PUBLIC means that the privilege is granted to all roles, including users created later. PUBLIC can be seen as an implicitly defined group that always contains every role. A role or user therefore holds the privileges granted to it directly, the privileges of the roles it is a member of, plus the privileges of PUBLIC.

If WITH GRANT OPTION is declared , authorized users can also grant this permission to others. This option cannot be assigned to PUBLIC (GaussDB-specific attribute).

GaussDB grants PUBLIC privileges on certain kinds of objects by default. Privileges on tables, table columns, sequences, foreign data wrappers, foreign servers, schemas and tablespaces are not granted to PUBLIC; the following are: CONNECT and CREATE TEMP TABLE on databases, EXECUTE on functions, and USAGE on languages and data types (including domains). The object owner can revoke these default PUBLIC privileges and grant privileges to specific users instead. To be safe, create the object and set its privileges in the same transaction, so that there is no window in which other users can use the object with the default privileges.
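The two default grants that most often surprise people are CONNECT/TEMP on a new database and EXECUTE on a new function. The block below, an added example rather than code from the original post, removes them and applies the same-transaction pattern described above. The database `appdb`, schema `app`, role `app_reader` and the function are assumed names.

```sql
-- Added example: tightening the privileges GaussDB grants to PUBLIC by default.
-- Database appdb, schema app, role app_reader and the function are assumed names.

-- Every role may CONNECT to a new database and create TEMP tables until the
-- owner removes that; give it back only to the roles that need it.
REVOKE CONNECT, TEMPORARY ON DATABASE appdb FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_reader;

-- A function is executable by PUBLIC as soon as it exists. Creating it and
-- fixing its privileges inside one transaction leaves no window in which
-- another session could call it with the default privileges.
BEGIN;
CREATE FUNCTION app.mask_card(text) RETURNS text
LANGUAGE sql IMMUTABLE
AS $$
  -- keep only the last four characters of the card number
  SELECT repeat('*', length($1) - 4) || substr($1, length($1) - 3, 4)
$$;
REVOKE EXECUTE ON FUNCTION app.mask_card(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.mask_card(text) TO app_reader;
COMMIT;

-- Make the restriction the default for functions created in this schema from
-- now on, so later objects do not reopen the gap.
ALTER DEFAULT PRIVILEGES IN SCHEMA app REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
```

ALTER DEFAULT PRIVILEGES only affects objects created afterwards by the role that ran it (here the administrator); functions created by other owners still need their own REVOKE.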

The owner of an object holds all privileges on it by default. For security reasons the owner may give up some of them, but ALTER, DROP, COMMENT, INDEX, VACUUM and the right to grant the object's privileges to others are inherent to ownership and cannot be given up.

3 ) Authorize the permissions of roles or users to other roles or users

Grant the permissions of one role or user to one or more other roles or users. In this case, each role or user can be thought of as having a collection of one or more database privileges.

If WITH ADMIN OPTION is specified, the grantee can in turn grant the role to other roles or users, and can revoke it from any role or user that holds it. When a granted role or user is altered or revoked, the privileges of everyone who inherits from it change accordingly.

The database system administrator can grant/revoke any privilege to any role or user. A role with the CREATEROLE privilege can grant or revoke the privileges of any non-system administrator role.

4 ) Grant ANY permission to a role or user

Grant ANY privileges to specific roles and users. When WITH ADMIN OPTION is specified, the grantee can grant the ANY privilege to other roles or users, or revoke it from them. ANY privileges can be inherited through roles but cannot be granted to PUBLIC. The initial user, and the system administrator when separation of duties is disabled, can grant or revoke ANY privileges to or from any role or user.

The following ANY permissions are currently supported:

2. Precautions

1) It is not allowed to grant ANY permission to PUBLIC, and it is not allowed to withdraw ANY permission from PUBLIC.

2) The ANY permission belongs to the permission in the database, and is only valid for objects in the database to which the permission is granted. For example, SELECT ANY TABLE only allows users to view all user table data in the current database, and has no viewing permission for user tables in other databases.

3) Even when a user holds ANY privileges, objects owned by a private user cannot be accessed (INSERT, DELETE, UPDATE, SELECT).

4) ANY privileges and the ordinary object privileges do not affect each other.

5) If a user holding CREATE ANY TABLE creates a table in a schema that carries another user's name, the owner of that table is the owner of the schema, not the creator; the creator must be granted the corresponding privileges before performing other operations on the table.

6) Grant CREATE ANY FUNCTION with care, to prevent other users from using SECURITY DEFINER functions to elevate their privileges.
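To make precaution 6) concrete: a SECURITY DEFINER function runs with its owner's privileges, is executable by PUBLIC by default, and resolves unqualified names through the caller's search_path. The block below, an added example and not code from the original post, shows a risky definition, a hardened one, and the catalog query a DBA can run to find SECURITY DEFINER functions and their owners. Schema `app`, table `app.salaries`, role `payroll_role` and the function names are assumed.

```sql
-- Added example: why CREATE ANY FUNCTION deserves care. Schema app, table
-- app.salaries, role payroll_role and the function names are assumed.

-- Risky definition: runs as the owner, the table name is unqualified (a caller
-- can put its own "salaries" object first on search_path), and PUBLIC can
-- execute it the moment it exists.
CREATE FUNCTION app.export_salaries() RETURNS SETOF text
LANGUAGE sql SECURITY DEFINER
AS $$ SELECT emp_name || ':' || salary::text FROM salaries $$;

-- Hardened definition: pin search_path, qualify every object, and restrict who
-- may execute it, all in one transaction so nobody can call it in between.
BEGIN;
CREATE FUNCTION app.export_salaries_safe() RETURNS SETOF text
LANGUAGE sql SECURITY DEFINER
SET search_path = pg_catalog, app
AS $$ SELECT emp_name || ':' || salary::text FROM app.salaries $$;
REVOKE EXECUTE ON FUNCTION app.export_salaries_safe() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.export_salaries_safe() TO payroll_role;
COMMIT;

-- Audit check: every SECURITY DEFINER function outside the system schemas,
-- with its owner and whether that owner is a system administrator
-- (rolsystemadmin is the GaussDB column in pg_roles).
SELECT n.nspname AS func_schema,
       p.proname AS func_name,
       r.rolname AS func_owner,
       r.rolsystemadmin
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles r ON r.oid = p.proowner
WHERE p.prosecdef
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY r.rolsystemadmin DESC, n.nspname, p.proname;
```

Any row owned by an administrator and executable by PUBLIC is a privilege-escalation path and should be reviewed first.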

3. Common grammar

1 ) Grant access to the table or view to the specified user or role

GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER | ALTER | DROP | COMMENT | INDEX | VACUUM } [, ...]
      | ALL [ PRIVILEGES ] }
    ON { [ TABLE ] table_name [, ...]
       | ALL TABLES IN SCHEMA schema_name [, ...] }
    TO { [ GROUP ] role_name | PUBLIC } [, ...]
    [ WITH GRANT OPTION ];

2 ) Grant access to the fields in the table to the specified user or role

GRANT { {
      { SELECT | INSERT | UPDATE | REFERENCES | COMMENT } ( column_name [, ...] )} [, ...] 
      | ALL [ PRIVILEGES ] ( column_name [, ...] ) }
    ON [ TABLE ] table_name [, ...]
    TO { [ GROUP ] role_name | PUBLIC } [, ...]
    [ WITH GRANT OPTION ];

3) Grant access to the database to specified users or roles

GRANT { { CREATE | CONNECT | TEMPORARY | TEMP | ALTER | DROP | COMMENT } [, ...]
      | ALL [ PRIVILEGES ] }
    ON DATABASE database_name [, ...]
    TO { [ GROUP ] role_name | PUBLIC } [, ...]
    [ WITH GRANT OPTION ];

4 ) Grant access to the function to the specified user or role

GRANT { { EXECUTE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] }
    ON { FUNCTION {function_name ( [ {[ argmode ] [ arg_name ] arg_type} [, ...] ] )} [, ...]
       | ALL FUNCTIONS IN SCHEMA schema_name [, ...] }
    TO { [ GROUP ] role_name | PUBLIC } [, ...]
    [ WITH GRANT OPTION ];

5) Grant access to stored procedures to specified users or roles

GRANT { { EXECUTE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] }
    ON { PROCEDURE {proc_name ( [ {[ argmode ] [ arg_name ] arg_type} [, ...] ] )} [, ...]
    TO { [ GROUP ] role_name | PUBLIC } [, ...]
    [ WITH GRANT OPTION ];

……

4. The REVOKE command of GaussDB

1. Function description

REVOKE is used to revoke the privileges of one or more users or roles.

2. Precautions

When a user who is not the owner of the object runs REVOKE, the following rules apply:

1) If the user holds no privileges on the object, the command fails immediately.

2) If the user holds some of the privileges, only those privileges for which the user holds the grant option are revoked.

3) If the user holds none of the grant options, the REVOKE ALL PRIVILEGES form raises an error; for the other forms, each privilege named in the command for which the user lacks the grant option produces a warning.

3. Common grammar

1) Reclaim the permissions on the specified table or view

REVOKE [ GRANT OPTION FOR ]
    { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | ALTER | DROP | COMMENT | INDEX | VACUUM }[, ...] 
    | ALL [ PRIVILEGES ] }
    ON { [ TABLE ] table_name [, ...]
       | ALL TABLES IN SCHEMA schema_name [, ...] }
    FROM { [ GROUP ] role_name | PUBLIC } [, ...]
    [ CASCADE | RESTRICT ];

2) Recycle the permissions of the specified fields on the table

REVOKE [ GRANT OPTION FOR ]
    { {
       { SELECT | INSERT | UPDATE | REFERENCES | COMMENT } ( column_name [, ...] )}[, ...] 
    | ALL [ PRIVILEGES ] ( column_name [, ...] ) }
    ON [ TABLE ] table_name [, ...]
    FROM { [ GROUP ] role_name | PUBLIC } [, ...]
    [ CASCADE | RESTRICT ];

3) Reclaim permissions on the specified database

REVOKE [ GRANT OPTION FOR ]
    { { CREATE | CONNECT | TEMPORARY | TEMP | ALTER | DROP | COMMENT } [, ...] 
    | ALL [ PRIVILEGES ] }
    ON DATABASE database_name [, ...]
    FROM { [ GROUP ] role_name | PUBLIC } [, ...]
    [ CASCADE | RESTRICT ];

4) Reclaim the permissions on the specified function

REVOKE [ GRANT OPTION FOR ]
    { { EXECUTE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] }
    ON { FUNCTION {function_name ( [ {[ argmode ] [ arg_name ] arg_type} [, ...] ] )} [, ...]
       | ALL FUNCTIONS IN SCHEMA schema_name [, ...] }
    FROM { [ GROUP ] role_name | PUBLIC } [, ...]
    [ CASCADE | RESTRICT ];

5) Reclaim the permissions on the specified stored procedure

REVOKE [ GRANT OPTION FOR ]
    { { EXECUTE | ALTER | DROP | COMMENT } [, ...] | ALL [ PRIVILEGES ] }
    ON { PROCEDURE {proc_name ( [ {[ argmode ] [ arg_name ] arg_type} [, ...] ] )} [, ...]
       | ALL PROCEDURE IN SCHEMA schema_name [, ...] }
    FROM { [ GROUP ] role_name | PUBLIC } [, ...]
    [ CASCADE | RESTRICT ];

……

5. GaussDB examples

1. GRANT statement examples

1) Grant user user_name the SELECT, INSERT, UPDATE and DELETE privileges on table schema_name.table_name. (The qualifier in front of the table name is a schema; GaussDB does not qualify tables by database name in GRANT.)

GRANT SELECT,INSERT,UPDATE,DELETE ON schema_name.table_name TO user_name;

2) Grant user user_name all privileges on schema_name.table_name.

GRANT ALL PRIVILEGES ON schema_name.table_name TO user_name;

3) Grant user user_name the SELECT, INSERT, UPDATE and DELETE privileges on schema_name.table_name and allow the user to pass these privileges on to other users.

GRANT SELECT,INSERT,UPDATE,DELETE ON schema_name.table_name TO user_name WITH GRANT OPTION;

2. REVOKE statement examples

1) Revoke user user_name's SELECT, INSERT, UPDATE and DELETE privileges on table schema_name.table_name.

REVOKE SELECT,INSERT,UPDATE,DELETE ON schema_name.table_name FROM user_name;

2) Revoke all of user user_name's privileges on schema_name.table_name.

REVOKE ALL PRIVILEGES ON schema_name.table_name FROM user_name;

3) Revoke only user user_name's right to pass the SELECT, INSERT, UPDATE and DELETE privileges on schema_name.table_name on to others; the user keeps the privileges themselves. (WITH GRANT OPTION is GRANT syntax; in REVOKE the grant option is removed with GRANT OPTION FOR.)

REVOKE GRANT OPTION FOR SELECT,INSERT,UPDATE,DELETE ON schema_name.table_name FROM user_name;

Tip: a user can only revoke privileges that it granted directly. Privileges the grantee has passed on to others (dependent privileges) are not removed by a plain REVOKE; if CASCADE is specified, all dependent privileges are revoked as well.

Summary: the GRANT & REVOKE commands manage the privileges of database users. They are used to assign privileges so that users can access and operate on the data in the database, and to take those privileges away again. GRANT & REVOKE are central commands in the GaussDB cloud database for controlling access to its various objects, and therefore for keeping the database secure and reliable.

That is all for this instalment; comments and discussion are welcome!
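The tip above and the REVOKE precautions in section 4 describe the same mechanism from two sides: a grantee who re-grants a privilege creates a dependent privilege that only CASCADE can remove. The block below, an added example and not code from the original post, walks through such a chain and ends with the catalog query that shows who granted what. Users `alice` and `bob` are assumed names; `schema_name.table_name` is the page's placeholder.

```sql
-- Added example: privileges passed on by a grantee, and how RESTRICT and CASCADE
-- treat them. Users alice and bob are assumed names.

-- Owner: let alice read the table and pass that right on.
GRANT SELECT ON schema_name.table_name TO alice WITH GRANT OPTION;

-- alice (in her own session): pass SELECT on to bob. bob's privilege now
-- depends on alice's grant option.
GRANT SELECT ON schema_name.table_name TO bob;

-- Owner: take away only alice's right to re-grant. RESTRICT is the default, so
-- this fails while bob's dependent privilege exists.
REVOKE GRANT OPTION FOR SELECT ON schema_name.table_name FROM alice;

-- With CASCADE it succeeds: alice keeps SELECT but loses the grant option, and
-- bob's SELECT, which alice granted, is revoked along with it.
REVOKE GRANT OPTION FOR SELECT ON schema_name.table_name FROM alice CASCADE;

-- A REVOKE of bob's privilege issued by the owner would change nothing (with a
-- warning), because the owner did not grant it; only alice, or the owner acting
-- on alice's grant with CASCADE, can remove it.

-- Verify what remains: grantor, grantee and whether each privilege is grantable.
SELECT grantor, grantee, privilege_type, is_grantable
FROM information_schema.role_table_grants
WHERE table_schema = 'schema_name'
  AND table_name   = 'table_name'
ORDER BY grantee, privilege_type;
```

The `grantor` column is what makes the tip operational: before revoking from a user, check which of that user's privileges you actually granted, and which were handed down by someone else.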


Origin my.oschina.net/gaussdb/blog/8775548