GBase 8a用户角色role、用户组的管理

GBase 8a支持用户组,或者叫用户角色。用户组内的用户,自动拥有组的权限,可以更高效的批量管理用户权限。

创建用户组

gbase> create role testdb_admin;
Query OK, 0 rows affected (Elapsed: 00:00:00.01)

给用户组授权

gbase> grant all on testdb.* to testdb_admin;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)

添加用户到用户组

gbase> create user test1 identified by 'test1';
Query OK, 0 rows affected (Elapsed: 00:00:00.01)

gbase> grant testdb_admin to test1;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)

测试用户权限

可以正常登录,并享有相应的权限。

[gbase@gbase_rh7_003 ~]$ gccli -utest1 -ptest1

GBase client 9.5.3.18.123926. Copyright (c) 2004-2020, GBase.  All Rights Reserved.

gbase> show grants;
+--------------------------------------------------------------------------------------------------------+
| Grants for test1@%                                                                                     |
+--------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.*.* TO 'test1'@'%' IDENTIFIED BY PASSWORD '*06C0BF5B64ECE2F648B5F048A71903906BA08E5C' |
| GRANT "testdb_admin" TO "test1"                                                                        |
+--------------------------------------------------------------------------------------------------------+
2 rows in set (Elapsed: 00:00:00.00)

gbase> use testdb;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)

gbase> create table test1(id int);
Query OK, 0 rows affected (Elapsed: 00:00:00.14)

gbase> drop table test1;
Query OK, 0 rows affected (Elapsed: 00:00:00.05)

删除用户组

gbase> drop role testdb_admin;
Query OK, 0 rows affected (Elapsed: 00:00:00.01)

测试用户组删除后的用户权限

已经不再享有用户组的。

[gbase@gbase_rh7_003 ~]$ gccli -utest1 -ptest1

GBase client 9.5.3.18.123926. Copyright (c) 2004-2020, GBase.  All Rights Reserved.

gbase> show grants;
+--------------------------------------------------------------------------------------------------------+
| Grants for test1@%                                                                                     |
+--------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.*.* TO 'test1'@'%' IDENTIFIED BY PASSWORD '*06C0BF5B64ECE2F648B5F048A71903906BA08E5C' |
+--------------------------------------------------------------------------------------------------------+
1 row in set (Elapsed: 00:00:00.00)


gbase> use testdb;
ERROR 1044 (42000): Access denied for user 'test1'@'%' to database 'testdb'

发表评论

您的电子邮箱地址不会被公开。