1.创建角色
--1、使用gsql登录openGauss
root@modb:~# su - omm
omm@modb:~$ gsql -r
gsql ((openGauss 2.0.0 build 78689da9) compiled at 2021-03-31 21:03:52 commit 0 last mr )
Non-SSL connection (SSL connection is recommended when requiring high-security)
Type "help" for help.
omm=#
--2、创建用户:两种设置密码方法等效
omm=# CREATE USER jim PASSWORD 'abcd@123';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
omm=# CREATE USER kim IDENTIFIED BY 'abcd@456';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
--3、授予用户dim具有创建数据库权限
omm=# CREATE USER dim CREATEDB PASSWORD 'abcd@789';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
--4、查看用户信息
omm=# \du+
List of roles
Role name | Attributes | Member of | Description
-----------+------------------------------------------------------------------------------------------------------------------+-----------+-------------
dim | Create DB | {}
|
gaussdb | Sysadmin | {}
|
jim | | {}
|
kim | | {}
|
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
|
2.修改用户属性
--1、修改密码
omm=# ALTER USER jim IDENTIFIED BY 'Abcd@123' REPLACE 'abcd@123';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
ALTER ROLE
--2、为用户jim增加CREATEROLE权限
omm=# ALTER USER jim CREATEROLE;
ALTER ROLE
--4、查看用户信息
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
dim | Create DB | {}
gaussdb | Sysadmin | {}
jim | Create role | {}
kim | | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
3.授权
--1、将用户jim的权限授权给用户kim
omm=# GRANT jim to kim;
GRANT ROLE
--2、将sysadmin权限授权给用户dim
omm=# GRANT ALL PRIVILEGES TO dim;
ALTER ROLE
--3、重命名用户dim
omm=# alter user dim rename to tim;
NOTICE: MD5 password cleared because of role rename
ALTER ROLE
--4、查看用户信息
omm=# \du
List of roles
Role name | Attributes | Member of
tim | Create DB, Sysadmin | {}
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
jim | Create role | {}
kim | | {jim}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
4.回收权限
--1、撤消kim的权限
omm=# REVOKE jim FROM kim;
REVOKE ROLE
--2、撤消用户dim的sysadmin权限
omm=# revoke all privilege from tim;
ALTER ROLE
--3、查看用户信息
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
jim | Create role | {}
kim | | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
tim | Create DB | {}
5.删除用户
--1、删除用户
omm=# drop user tim;
DROP ROLE
omm=# drop user jim;
DROP ROLE
omm=# drop user kim;
DROP ROLE
--2、查看当前用户信息
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
练习:
1.创建用户user1、user2和user3,user1具有CREATEROLE权限,user2具有CREATEDB权限,要求使用两种不同的方法设置密码
omm=# create user user1 CREATEROLE identified by 'user1_123';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
omm=# create user user2 CREATEDB password 'user2_123';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
omm=# create user user3 password 'user3_123';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
user1 | Create role | {}
user2 | Create DB | {}
user3 | | {}
2.修改用户user1的密码
omm=# ALTER USER user1 IDENTIFIED BY 'abcd5678_';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
ALTER ROLE
3.重命名用户user2
omm=# alter user user2 rename to user4;
NOTICE: MD5 password cleared because of role rename
ALTER ROLE
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
user1 | Create role | {}
user3 | | {}
user4 | Create DB
4.将用户user1的权限授权给用户user3,再回收用户user3的权限
omm=# grant user1 to user3;
GRANT ROLE
omm=# \du
List of roles
Role name | Attributes | Membe
r of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
user1 | Create role | {}
user3 | | {user1}
user4 | Create DB | {}
omm=# revoke all PRIVILEGES from user3;
ALTER ROLE
omm=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------------------------------------------------------------+-----------
gaussdb | Sysadmin | {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
user1 | Create role | {}
user3 | | {user1}
user4 | Create DB | {}
5.删除所有创建用户
过程中使用\du或\du+查看用户信息
omm=# drop user user1;
DROP ROLE
omm=# drop user user3;
DROP ROLE
omm=# drop user user4;
DROP ROLE
最后修改时间:2021-12-05 23:07:30
「喜欢这篇文章,您的关注和赞赏是给作者最好的鼓励」
关注作者
【版权声明】本文为墨天轮用户原创内容,转载时必须标注文章的来源(墨天轮),文章链接,文章作者等基本信息,否则作者和墨天轮有权追究责任。如果您发现墨天轮中有涉嫌抄袭或者侵权的内容,欢迎发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
