本次课学习的内容是openGauss创建角色、修改角色属性、更改角色权限和删除角色。
角色是用来管理权限的,从数据库安全的角度考虑,可以把所有的管理和操作权限划分到不同的角色上。
课程学习前还是先进入实训环境,输入su - omm口令和密码连接openGauss。
root@modb:~#
root@modb:~# su - omm
omm@modb:~$ gsql -r
gsql ((openGauss 2.0.0 build 78689da9) compiled at 2021-03-31 21:03:52 commit 0 last mr )
Non-SSL connection (SSL connection is recommended when requiring high-security)
Type "help" for help.复制
1、创建角色role1为系统管理员, role2指定生效日期, role3具有LOGIN属性
可以使用\du命令查看当前数据库角色
omm=# \du
List of roles
Role name | Attributes
| Member of
-----------+------------------------------------------------------------------------------------------------------------------
+-----------
gaussdb | Sysadmin
| {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT
| {}复制
开始创建角色
omm=# CREATE ROLE role1 SYSADMIN IDENTIFIED BY 'role_123';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
omm=# CREATE ROLE role2 with PASSWORD 'role_456' VALID BEGIN '2021-12-4' VALID UNTIL '2021-12-30';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE
omm=# CREATE ROLE role3 LOGIN IDENTIFIED BY 'role_789';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
CREATE ROLE复制
使用\du命令查看当前角色
omm=# \du
List of roles
Role name | Attributes
| Member of
-----------+------------------------------------------------------------------------------------------------------------------
+-----------
gaussdb | Sysadmin
| {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT
| {}
role1 | Cannot login, Sysadmin
| {}
role2 | Cannot login +
| {}
| Role valid begin 2021-12-04 00:00:00+08 +
|
| Role valid until 2021-12-30 00:00:00+08
|
role3 |
| {}复制
发现任务1已经完成
2.重命名role1并使用\du命令查看
omm=# ALTER ROLE role1 RENAME TO role10;
NOTICE: MD5 password cleared because of role rename
ALTER ROLE
omm-# \du
List of roles
Role name | Attributes
| Member of
-----------+------------------------------------------------------------------------------------------------------------------
+-----------
gaussdb | Sysadmin
| {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT
| {}
role10 | Cannot login, Sysadmin
| {}
role2 | Cannot login +
| {}
role3 |
| {}
| Role valid begin 2021-12-04 00:00:00+08 +
|
| Role valid until 2021-12-30 00:00:00+08
|复制
3、修改role2密码
omm=# ALTER ROLE role2 IDENTIFIED BY 'role@123' replace 'role_456';
NOTICE: The encrypted password contains MD5 ciphertext, which is not secure.
omm=# ALTER ROLE复制
4、将omm权限授权给role3,再回收role3的权限
omm-# \du role3
List of roles
Role name | Attributes | Member of
-----------+------------+-----------
role3 | | {}
omm=# GRANT omm to role3 with admin option;
GRANT ROLE
omm=# \du role3;
List of roles
Role name | Attributes | Member of
-----------+------------+-----------
role3 | | {omm}
omm=# revoke omm from role3;
REVOKE ROLE
omm=# \du role3;
List of roles
Role name | Attributes | Member of
-----------+------------+-----------
role3 | | {}复制
5、删除所有创建角色,过程中使用\du或\du+查看角色信息
omm=# \du
List of roles
Role name | Attributes
| Member of
-----------+------------------------------------------------------------------------------------------------------------------
+-----------
gaussdb | Sysadmin
| {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT
| {}
role10 | Cannot login, Sysadmin
| {}
role2 | Cannot login +
| {}
| Role valid begin 2021-12-04 00:00:00+08 +
|
| Role valid until 2021-12-30 00:00:00+08
|
role3 |
| {}
omm=# drop role role10;
DROP ROLE
omm=# drop role role2;
DROP ROLE
omm=# drop role role3;
DROP ROLE
omm=# \du
-----------+------------------------------------------------------------------------------------------------------------------
+-----------
gaussdb | Sysadmin
| {}
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT
| {}
List of roles
Role name | Attributes
| Member of复制
【版权声明】本文为墨天轮用户原创内容,转载时必须标注文章的来源(墨天轮),文章链接,文章作者等基本信息,否则作者和墨天轮有权追究责任。如果您发现墨天轮中有涉嫌抄袭或者侵权的内容,欢迎发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
评论
墨天轮福利君
3年前
评论
0您好,您的文章已入选合格奖,10墨值奖励已经到账请查收!
❤️我们还会实时派发您的流量收益。
3年前
点赞 评论
相关阅读
openGauss荣获中国软件行业协会多奖项,技术升级再创行业新高度
openGauss
549次阅读
2025-04-30 14:30:58
MogDB 发布更新,解决 openGauss 数据库在长事务情况下Ustore表膨胀问题
MogDB
307次阅读
2025-04-17 10:41:41
MogDB 发布更新,解决 openGauss 数据库在长事务情况下Ustore表膨胀问题
云和恩墨
201次阅读
2025-04-16 09:52:02
GitCode 成 openGauss 新归宿,国产开源数据库里程碑事件
严少安
171次阅读
2025-04-27 11:37:53
荣誉时刻!openGauss认证证书快递已发,快来看看谁榜上有名!
墨天轮小教习
162次阅读
2025-04-23 17:39:13
单个执行机并行执行MySQL到openGauss数据迁移子任务
Clipnosis
150次阅读
2025-04-30 16:39:58
openGauss6.0.0适配操作系统自带的软件,不依赖三方库
来杯拿铁
95次阅读
2025-04-18 10:49:53
Postgresql数据库单个Page最多存储多少行数据
maozicb
91次阅读
2025-04-23 16:02:19
openGauss新特性 | openGauss-DataVec向量数据库特性介绍
openGauss
65次阅读
2025-04-17 10:41:47
RISC-V 首迎 openGauss 7.0.0-RC1 全量版适配!数据库核心功能完整落地开源架构
openGauss
49次阅读
2025-04-16 10:33:59
