学习目标
掌握openGauss的用户和角色管理。
课程学习
使用create user创建的用户与使用create role创建的用户的区别在于,前者可以直接连接登录数据库,而使用create role创建的用户不能直接登录到数据库。必须添加LOGIN权限后,才能登录到数据库管理系统。
删除用户,首先需要将用户拥有的数据库对象转移或者删除。
课程作业
1、创建test10_tbs的表空间,在这个表空间中创建数据库testdb10
/*
drop tablespace if exists test10_tbs;
create tablespace test10_tbs relative location 'tablespace/test10_tbs';
drop database if exists testdb10;
create database testdb10 TABLESPACE test10_tbs ;
*/
omm=# drop table if exists testdb10;
DROP TABLE
omm=# drop tablespace if exists test10_tbs;
DROP TABLESPACE
omm=# create tablespace test10_tbs relative location 'tablespace/test10_tbs';
CREATE TABLESPACE
omm=# drop database if exists testdb10;
NOTICE: database "testdb10" does not exist, skipping
DROP DATABASE
omm=# craete database testdb10 TABLESPACE test10_tbs ;
ERROR: syntax error at or near "craete"
LINE 1: craete database testdb10 TABLESPACE test10_tbs ;
^
--手滑拼错create了
omm=# create database testdb10 TABLESPACE test10_tbs ;
CREATE DATABASE
2、使用create user创建用户user10,登录数据库testdb10,创建测试表t1和t2
/*
--使用create user创建用户user10
drop user if exists user10;
create user user10 identified by 'meiriyilian@1234';
alter user user10 sysadmin;
*/
omm=# drop user if exists user10;
DROP ROLE
NOTICE: role "user10" does not exist, skipping
omm=# create user user10 identified by 'meiriyilian@1234';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
omm=# alter user user10 sysadmin;
ALTER ROLE
omm=# \du
List of ro
les
Role name | Attribut
es | Member of
-----------+------------------------------------------------------------
------------------------------------------------------+-----------
gaussdb | Sysadmin
| {}
omm | Sysadmin, Create role, Create DB, Replication, Administer a
udit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
user10 | Sysadmin
| {}
/*
--使用create user创建用户user10
\c testdb10 user10
或
\q
gsql -d testdb10 -U user10 -W meiriyilian@1234 -r
drop table if exists t1;
drop table if exists t2;
create table t1(com varchar(250));
create table t2(com varchar(250));
*/
omm=# \c testdb10 user10
Password for user user10:
Non-SSL connection (SSL connection is recommended when requiring high-security)
You are now connected to database "testdb10" as user "user10".
testdb10=> \q
omm@modb:~$ gsql -d testdb10 -U user10 -W meiriyilian@1234 -r
gsql ((openGauss 3.0.0 build 02c14696) compiled at 2022-04-01 18:12:00 commit 0 last mr )
Non-SSL connection (SSL connection is recommended when requiring high-security)
Type "help" for help.
testdb10=> drop table if exists t1;
NOTICE: table "t1" does not exist, skipping
DROP TABLE
drop table if exists t2;
testdb10=> NOTICE: table "t2" does not exist, skipping
DROP TABLE
testdb10=> create table t1(com varchar(250));
CREATE TABLE
testdb10=> create table t2(com varchar(250));
CREATE TABLE
testdb10=> \d
List of relations
Schema | Name | Type | Owner | Storage
--------+------+-------+--------+----------------------------------
public | t1 | table | user10 | {orientation=row,compression=no}
public | t2 | table | user10 | {orientation=row,compression=no}
(2 rows)
3、使用create role创建角色role10,登录数据库testdb10
/*
--使用create role创建角色role10, 并尝试登录testdb10
drop role if exists role10;
create role role10 identified by 'meiriyilian@1234';
alter role role10 sysadmin;
或
alter user role10 sysadmin;
\c testdb10 role10
或
\q
gsql -d testdb10 -U role10 -W meiriyilian@1234 -r
*/
testdb10=> drop role if exists role10;
DROP ROLE
testdb10=> create role role10 identified by 'meiriyilian@1234';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
testdb10=>
testdb10=> alter role role10 sysadmin;
ALTER ROLE
testdb10=> \du
List of rol
es
Role name | Attribute
s | Member of
-----------+-------------------------------------------------------------
-----------------------------------------------------+-----------
gaussdb | Sysadmin
| {}
omm | Sysadmin, Create role, Create DB, Replication, Administer au
dit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
role10 | Cannot login, Sysadmin
| {}
user10 | Sysadmin
| {}
testdb10=> \q
omm@modb:~$ gsql -d testdb10 -U role10 -W meiriyilian@1234 -r
gsql: FATAL: role "role10" is not permitted to login
/*
--登录数据库testdb10,对role需要添加登录权限
gsql -r
alter user role10 LOGIN;
\c testdb10 role10
或
\q
gsql -d testdb10 -U role10 -W meiriyilian@1234 -r
--从命令-U 以及执行效果也可以看出,user和role本质是一样的, 只是默认有没有授权登录权限而已。
*/
omm@modb:~$ gsql -r
gsql ((openGauss 3.0.0 build 02c14696) compiled at 2022-04-01 18:12:00 commit 0 last mr )
Non-SSL connection (SSL connection is recommended when requiring high-security)
Type "help" for help.
omm=# alter user role10 LOGIN;
ALTER ROLE
omm=# \q
omm@modb:~$ gsql -d testdb10 -U role10 -W meiriyilian@1234 -r
gsql ((openGauss 3.0.0 build 02c14696) compiled at 2022-04-01 18:12:00 commit 0 last mr )
Non-SSL connection (SSL connection is recommended when requiring high-security)
Type "help" for help.
testdb10=> \du
List of rol
es
Role name | Attribute
s | Member of
-----------+-------------------------------------------------------------
-----------------------------------------------------+-----------
gaussdb | Sysadmin
| {}
omm | Sysadmin, Create role, Create DB, Replication, Administer au
dit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
role10 | Sysadmin
| {}
user10 | Sysadmin
| {}
4、将表t1直接删除,将前面创建的表空间和数据库、表t2转给role10,删除用户user10
/*
-将表t1直接删除
\du
drop table if exists t1;
\du
*/
testdb10=> \dt
List of relations
Schema | Name | Type | Owner | Storage
--------+------+-------+--------+----------------------------------
public | t1 | table | user10 | {orientation=row,compression=no}
public | t2 | table | user10 | {orientation=row,compression=no}
(2 rows)
testdb10=> drop table if exists t1;
DROP TABLE
testdb10=> \dt
List of relations
Schema | Name | Type | Owner | Storage
--------+------+-------+--------+----------------------------------
public | t2 | table | user10 | {orientation=row,compression=no}
(1 row)
/*
--将前面创建的表空间test10_tbs和数据库testdb10、表t2转给role10
\db
\l
\dt
alter tablespace test10_tbs owner to role10;
alter database testdb10 owner to role10;
alter table t2 owner to role10;
\db
\l
\dt
*/
testdb10=> \db
List of tablespaces
Name | Owner | Location
------------+-------+-----------------------
pg_default | omm |
pg_global | omm |
\l
test10_tbs | omm | tablespace/test10_tbs
(3 rows)
testdb10=> List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+-------+----------+---------+-------+-------------------
omm | omm | UTF8 | C | C |
postgres | omm | UTF8 | C | C |
template0 | omm | UTF8 | C | C | =c/omm +
| | | | | omm=CTc/omm
template1 | omm | UTF8 | C | C | =c/omm +
| | | | | omm=CTc/omm
testdb10 | omm | UTF8 | C | C |
(5 rows)
testdb10=> \dt
testdb10=> List of relations
Schema | Name | Type | Owner | Storage
--------+------+-------+--------+----------------------------------
public | t2 | table | user10 | {orientation=row,compression=no}
(1 row)
alter tablespace test10_tbs owner to role10;
testdb10=> ALTER TABLESPACE
alter database testdb10 owner to role10;
testdb10=> ALTER DATABASE
alter table t2 owner to role10;
ALTER TABLE
testdb10=> \db
List of tablespaces
Name | Owner | Location
------------+--------+-----------------------
pg_default | omm |
pg_global | omm |
test10_tbs | role10 | tablespace/test10_tbs
(3 rows)
testdb10=> \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+--------+----------+---------+-------+-------------------
omm | omm | UTF8 | C | C |
postgres | omm | UTF8 | C | C |
template0 | omm | UTF8 | C | C | =c/omm +
| | | | | omm=CTc/omm
template1 | omm | UTF8 | C | C | =c/omm +
| | | | | omm=CTc/omm
testdb10 | role10 | UTF8 | C | C |
(5 rows)
testdb10=> \dt
List of relations
Schema | Name | Type | Owner | Storage
--------+------+-------+--------+----------------------------------
public | t2 | table | role10 | {orientation=row,compression=no}
(1 row)
/*
--删除用户user10
drop user if exists user10;
REVOKE ALL ON DATABASE omm FROM user10;
drop user if exists user10;
\du
*/
testdb10=> drop user if exists user10;
testdb10=> ERROR: role "user10" cannot be dropped because some objects depend on it
DETAIL: 1 object in database omm
omm=# omm-# select
nsp.nspname as SchemaName
omm-# omm-# ,cls.relname as ObjectName
omm-# ,rol.rolname as ObjectOwner
,case cls.relkind
omm-# when 'r' then 'TABLE'
omm-# when 'm' then 'MATERIALIZED_VIEW'
omm-# when 'i' then 'INDEX'
omm-# when 'S' then 'SEQUENCE'
omm-# when 'v' then 'VIEW'
omm-# when 'c' then 'TYPE'
omm-# else cls.relkind::text
omm-# end as ObjectType
omm-# from pg_class cls
omm-# join pg_roles rol
omm-# on rol.oid = cls.relowner
omm-# join pg_namespace nsp
omm-# on nsp.oid = cls.relnamespace
omm-# where nsp.nspname not in ('information_schema', 'pg_catalog')
omm-# and nsp.nspname not like 'pg_toast%'
omm-# and rol.rolname = 'user10'
omm-# order by nsp.nspname, cls.relname;
schemaname | objectname | objectowner | objecttype
------------+------------+-------------+------------
(0 rows)
omm=# drop user if exists user10;
DROP ROLE
omm=# \du
List of rol
es
Role name | Attribute
s | Member of
-----------+-------------------------------------------------------------
-----------------------------------------------------+-----------
gaussdb | Sysadmin
| {}
omm | Sysadmin, Create role, Create DB, Replication, Administer au
dit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
role10 | Sysadmin
| {}
5、最后删除role10
/*
--删除role10
drop role role10;
--如删除用户role10需要将用户拥有的数据库对象转移或者删除,回收权限。
--先表空间对象和数据库对象的属主修改为其他的用户或者干脆将其删除:
alter database testdb10 owner to omm;
alter tablespace test10_tbs owner to omm;
或
drop database if exists testdb10;
drop tablespace if exists test10_tbs;
--回收用户user2对testdb数据库的权限:
REVOKE ALL ON DATABASE testdb10 FROM role10;
REASSIGN OWNED BY role10 to omm;
\dt
\q
--执行删除用户的操作,可以删除user2用户
gsql -r
drop role role10;
\du
*/
omm=# drop user role10;
ERROR: role "role10" cannot be dropped because some objects depend on it
DETAIL: owner of database testdb10
owner of tablespace test10_tbs
1 object in database testdb10
omm=# \c testdb10 role10
Password for user role10:
Non-SSL connection (SSL connection is recommended when requiring high-security)
You are now connected to database "testdb10" as user "role10".
testdb10=> \dt
List of relations
Schema | Name | Type | Owner | Storage
--------+------+-------+--------+----------------------------------
public | t2 | table | role10 | {orientation=row,compression=no}
(1 row)
testdb10=> \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+--------+----------+---------+-------+-------------------
omm | omm | UTF8 | C | C |
postgres | omm | UTF8 | C | C |
template0 | omm | UTF8 | C | C | =c/omm +
| | | | | omm=CTc/omm
template1 | omm | UTF8 | C | C | =c/omm +
| | | | | omm=CTc/omm
testdb10 | role10 | UTF8 | C | C |
(5 rows)
testdb10=> \db
List of tablespaces
Name | Owner | Location
------------+--------+-----------------------
pg_default | omm |
pg_global | omm |
test10_tbs | role10 | tablespace/test10_tbs
(3 rows)
omm=# drop database if exists testdb10;
DROP DATABASE
omm=# drop tablespace if exists test10_tbs;
omm=# DROP TABLESPACE
omm=# drop role role10;
DROP ROLE
omm=# \du
List of rol
es
Role name | Attribute
s | Member of
-----------+-------------------------------------------------------------
-----------------------------------------------------+-----------
gaussdb | Sysadmin
| {}
omm | Sysadmin, Create role, Create DB, Replication, Administer au
dit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {}
--试验证明删除数据库是, 并不会管里面有没有对象, 比如表格。
「喜欢这篇文章,您的关注和赞赏是给作者最好的鼓励」
关注作者
【版权声明】本文为墨天轮用户原创内容,转载时必须标注文章的来源(墨天轮),文章链接,文章作者等基本信息,否则作者和墨天轮有权追究责任。如果您发现墨天轮中有涉嫌抄袭或者侵权的内容,欢迎发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
