学习目标
学习openGauss创建用户、修改用户属性、更改用户权限和删除用户
课程学习
用户是用来登录数据库的,通过对用户赋予不同的权限,可以方便地管理用户对数据库的访问及操作
连接openGauss
root@modb:~# su - omm
omm@modb:~$ gsql -r
CREATE USER user_name [ [ WITH ] option [ ... ] ] [ ENCRYPTED | UNENCRYPTED ] { PASSWORD | IDENTIFIED BY } { 'password' [EXPIRED] | DISABLE };
- 通过CREATE USER创建的用户,默认具有 LOGIN 权限。
- 通过CREATE USER创建用户的同时,系统会在执行该命令的数据库中,为该用户创建一个同名的 SCHEMA。
- 系统管理员在普通用户同名 schema 下创建的对象,所有者(owner)为 schema 的同名用户(非系统管理员)。
1.创建用户
-–以下两种设置密码方法等效
omm=# CREATE USER jim PASSWORD 'abcd@123';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
omm=# CREATE USER kim IDENTIFIED BY 'abcd@456';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
omm=#
–-用户 dim 具有创建数据库权限
omm=# CREATE USER dim CREATEDB PASSWORD 'abcd@789';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
–-查看用户
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
dim | Create DB | {}
gaussdb | Sysadmin | {}
jim | | {}
kim | | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
omm=#
2.修改用户属性
--修改密码
omm=# ALTER USER jim IDENTIFIED BY 'Abcd@123' REPLACE 'abcd@123';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
ALTER ROLE
omm=#
omm=# ALTER USER jim IDENTIFIED BY 'Abcd@123';
ERROR: New password should not equal to the old ones.
omm=#
omm=# ALTER USER jim IDENTIFIED BY 'Abcd@1234';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
ALTER ROLE
omm=#
--为用户 jim 增加 CREATEROLE 权限
omm=# ALTER USER jim CREATEROLE;
ALTER ROLE
-–查看用户
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
dim | Create DB | {}
gaussdb | Sysadmin | {}
jim | Create role | {}
kim | | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
omm=#
3.授权
-–将用户 jim 的权限授权给用户 kim
omm=# GRANT jim to kim;
GRANT ROLE
--将 sysadmin 权限授权给用户 dim
omm=# GRANT ALL PRIVILEGES TO dim;
ALTER ROLE
--重命名用户 dim
omm=# alter user dim rename to tim;
NOTICE: MD5 password cleared because of role rename
ALTER ROLE
omm=#
--查看用户
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
jim | Create role | {}
kim | | {jim}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
tim | Create DB, Sysadmin | {}
4.回收权限
--撤消 kim 的权限
omm=# REVOKE jim FROM kim;
REVOKE ROLE
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
jim | Create role | {}
kim | | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
tim | Create DB, Sysadmin | {}
--撤消用户 dim 的 sysadmin 权限
omm=# revoke all privilege from tim;
ALTER ROLE
--查看用户
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
jim | Create role | {}
kim | | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
tim | Create DB | {}
omm=#
5.删除用户
omm=# drop user tim;
DROP ROLE
omm=# drop user jim;
DROP ROLE
omm=# drop user kim;
DROP ROLE
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
omm=#
课后作业
1.创建用户 user1、user2和 user3,user1 具有 CREATEROLE 权限,user2 具有 CREATEDB 权限,要求使用两种不同的方法设置密码
omm=# CREATE USER user1 CREATEROLE PASSWORD 'abcd@789';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
omm=#
omm=# CREATE USER user2 CREATEDB IDENTIFIED BY 'Abcd@123';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
omm=#
omm=# CREATE USER user3 ;
ERROR: The password could not be NULL.
omm=# CREATE USER user3 IDENTIFIED BY 'Abcd@123' REPLACE 'abcd@123';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
user1 | Create role | {}
user2 | Create DB | {}
user3 | | {}
omm=#
2.修改用户 user1 的密码
omm=# ALTER USER user1 IDENTIFIED BY 'Abcd@12345';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
ALTER ROLE
omm=#
3.重命名用户 user2
omm=# ALTER USER user2 rename to user20;
NOTICE: MD5 password cleared because of role rename
ALTER ROLE
omm=# --密码被同步清空
4.将用户 user1 的权限授权给用户 user3,再回收用户 user3 的权限
omm=# grant user1 to user3 with admin option;
GRANT ROLE
omm=#
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
user1 | Create role | {}
user20 | Create DB | {}
user3 | | {user1}
omm=# revoke all privilege from user3;
ALTER ROLE
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
user1 | Create role | {}
user20 | Create DB | {}
user3 | | {user1}
omm=#
5.删除所有创建用户
omm=# drop user user1;
DROP ROLE
omm=# drop user user20;
DROP ROLE
omm=# drop user user3;
DROP ROLE
omm=# \du+
List of roles
Role name | Attributes | Member of | Description
-----------+------------------------------------------------------------------------------------------------------------------+-----------+-------------
gaussdb | Sysadmin | {} |
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
omm=#
「喜欢这篇文章,您的关注和赞赏是给作者最好的鼓励」
关注作者
【版权声明】本文为墨天轮用户原创内容,转载时必须标注文章的来源(墨天轮),文章链接,文章作者等基本信息,否则作者和墨天轮有权追究责任。如果您发现墨天轮中有涉嫌抄袭或者侵权的内容,欢迎发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
