doc-exports/docs/dws/umn/dws_03_0195.html
Lu, Huayi 95132e24fc DWS UMN 830.201_new version
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com>
Co-authored-by: Lu, Huayi <luhuayi@huawei.com>
Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
2024-05-27 11:54:34 +00:00


<a name="EN-US_TOPIC_0000001330648784"></a>
<h1 class="topictitle1">How Do I Revoke the CONNECT ON DATABASE Permission from a User?</h1>
<div id="body0000001330648784"><div class="section" id="EN-US_TOPIC_0000001330648784__section9996743124913"><h4 class="sectiontitle">Scenario</h4><p id="EN-US_TOPIC_0000001330648784__p1862165234915">In a service, the permission of user <strong id="EN-US_TOPIC_0000001330648784__b32791853339">u1</strong> to connect to a database needs to be revoked. After the <strong id="EN-US_TOPIC_0000001330648784__b9967103117329">REVOKE CONNECT ON DATABASE <em id="EN-US_TOPIC_0000001330648784__i0822185842919">gaussdb</em> FROM u1;</strong> command is executed successfully, user <strong id="EN-US_TOPIC_0000001330648784__b161012335529">u1</strong> can still connect to the database. This means the revocation does not take effect.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000001330648784__section14310919195012"><h4 class="sectiontitle">Cause Analysis</h4><p id="EN-US_TOPIC_0000001330648784__p099187133216">Running the <strong id="EN-US_TOPIC_0000001330648784__b122922318563">REVOKE CONNECT ON DATABASE gaussdb FROM u1</strong> command to revoke the permission from user <strong id="EN-US_TOPIC_0000001330648784__b14857181114569">u1</strong> does not take effect because the <strong id="EN-US_TOPIC_0000001330648784__b698863014560">CONNECT</strong> permission on the database is granted to <strong id="EN-US_TOPIC_0000001330648784__b129378374563">PUBLIC</strong>, and user u1 holds it through that group. Therefore, you need to specify <strong id="EN-US_TOPIC_0000001330648784__b6512950125615">PUBLIC</strong> in the REVOKE statement.</p>
<ul id="EN-US_TOPIC_0000001330648784__ul133213015317"><li id="EN-US_TOPIC_0000001330648784__li19321030185312"><span id="EN-US_TOPIC_0000001330648784__text157790942211120">GaussDB(DWS)</span> provides an implicitly defined group <strong id="EN-US_TOPIC_0000001330648784__b109928155011120">PUBLIC</strong> that contains all roles. By default, all new users and roles have the permissions of <strong id="EN-US_TOPIC_0000001330648784__b117243267911120">PUBLIC</strong>. To revoke permissions of <strong id="EN-US_TOPIC_0000001330648784__b47998639511120">PUBLIC</strong> from a user or role, or re-grant these permissions to them, add the <strong id="EN-US_TOPIC_0000001330648784__b141796824911120">PUBLIC</strong> keyword in the <strong id="EN-US_TOPIC_0000001330648784__b153817746211120">REVOKE</strong> or <strong id="EN-US_TOPIC_0000001330648784__b164947958311120">GRANT</strong> statement.</li><li id="EN-US_TOPIC_0000001330648784__li295218475310"><span id="EN-US_TOPIC_0000001330648784__text123451682811120">GaussDB(DWS)</span> grants the permissions for objects of certain types to <strong id="EN-US_TOPIC_0000001330648784__b84066498711120">PUBLIC</strong>. 
By default, permissions on tables, columns, sequences, foreign data sources, foreign servers, schemas, and tablespaces are not granted to <strong id="EN-US_TOPIC_0000001330648784__b193918357513">PUBLIC</strong>, but the following permissions are granted to <strong id="EN-US_TOPIC_0000001330648784__b14405586519">PUBLIC</strong>:<ul id="EN-US_TOPIC_0000001330648784__ul1118315221635"><li id="EN-US_TOPIC_0000001330648784__li11668142014320"><strong id="EN-US_TOPIC_0000001330648784__b1849491268">CONNECT</strong> permission of a database</li><li id="EN-US_TOPIC_0000001330648784__li5669620031"><strong id="EN-US_TOPIC_0000001330648784__b2159459862">CREATE TEMP TABLE</strong> permission of a database</li><li id="EN-US_TOPIC_0000001330648784__li1467015201037"><strong id="EN-US_TOPIC_0000001330648784__b1284718101879">EXECUTE</strong> permission of a function</li><li id="EN-US_TOPIC_0000001330648784__li15344223658"><strong id="EN-US_TOPIC_0000001330648784__b9852301583">USAGE</strong> permission for languages and data types (including domains)</li></ul>
</li><li id="EN-US_TOPIC_0000001330648784__li2907927558">An object owner can revoke the default permissions granted to <strong id="EN-US_TOPIC_0000001330648784__b166283075111120">PUBLIC</strong> and grant permissions to other users as needed.</li></ul>
</div>
<div class="section" id="EN-US_TOPIC_0000001330648784__section77439326119"><h4 class="sectiontitle">Example Operations</h4><p id="EN-US_TOPIC_0000001330648784__en-us_topic_0000001211433461_p181721498341">Run the following command to revoke the permission for user <strong id="EN-US_TOPIC_0000001330648784__b1819011511910">u1</strong> to access database <strong id="EN-US_TOPIC_0000001330648784__b176051171291">gaussdb</strong>:</p>
<ol id="EN-US_TOPIC_0000001330648784__en-us_topic_0000001211433461_ol6743141783510"><li id="EN-US_TOPIC_0000001330648784__en-us_topic_0000001211433461_li769118455376"><span>Connect to the GaussDB(DWS) database <strong id="EN-US_TOPIC_0000001330648784__b1347675917919">gaussdb</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330648784__en-us_topic_0000001211433461_s9d7a80ebd9b3436680b2c7edd8546782"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="n">gsql</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="n">gaussdb</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="mi">8000</span><span class="w"> </span><span class="o">-</span><span class="n">h</span><span class="w"> </span><span class="mi">192</span><span class="p">.</span><span class="mi">168</span><span class="p">.</span><span class="n">x</span><span class="p">.</span><span class="n">xx</span><span class="w"> </span><span class="o">-</span><span class="n">U</span><span class="w"> </span><span class="n">dbadmin</span><span class="w"> </span><span class="o">-</span><span class="n">W</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="o">-</span><span class="n">r</span>
<span class="n">gaussdb</span><span class="o">=&gt;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330648784__en-us_topic_0000001211433461_li074351717350"><span>Create user <strong id="EN-US_TOPIC_0000001330648784__b189415961454341">u1</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330648784__en-us_topic_0000001211433461_screen101876556233"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="n">gaussdb</span><span class="o">=&gt;</span><span class="w"> </span><span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="n">IDENTIFIED</span><span class="w"> </span><span class="k">BY</span><span class="w"> </span><span class="s1">'xxxxxxxx'</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330648784__en-us_topic_0000001211433461_li13649112517350"><span>Verify that user <strong id="EN-US_TOPIC_0000001330648784__b442110611104">u1</strong> can access GaussDB.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330648784__en-us_topic_0000001211433461_screen15872104753610"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="n">gsql</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="n">gaussdb</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="mi">8000</span><span class="w"> </span><span class="o">-</span><span class="n">h</span><span class="w"> </span><span class="mi">192</span><span class="p">.</span><span class="mi">168</span><span class="p">.</span><span class="n">x</span><span class="p">.</span><span class="n">xx</span><span class="w"> </span><span class="o">-</span><span class="n">U</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="o">-</span><span class="n">W</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="o">-</span><span class="n">r</span>
<span class="n">gaussdb</span><span class="o">=&gt;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330648784__en-us_topic_0000001211433461_li1752013693916"><span>Connect to database <strong id="EN-US_TOPIC_0000001330648784__b42612013141011">gaussdb</strong> as administrator <strong id="EN-US_TOPIC_0000001330648784__b78411188105">dbadmin</strong> and run the REVOKE command to revoke the <strong id="EN-US_TOPIC_0000001330648784__b644402820107">connect on database</strong> permission from <strong id="EN-US_TOPIC_0000001330648784__b693084611103">PUBLIC</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330648784__en-us_topic_0000001211433461_screen7239102724415"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="n">gsql</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="n">gaussdb</span><span class="w"> </span><span class="o">-</span><span class="n">h</span><span class="w"> </span><span class="mi">192</span><span class="p">.</span><span class="mi">168</span><span class="p">.</span><span class="n">x</span><span class="p">.</span><span class="n">xx</span><span class="w"> </span><span class="o">-</span><span class="n">U</span><span class="w"> </span><span class="n">dbadmin</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="mi">8000</span><span class="w"> </span><span class="o">-</span><span class="n">r</span>
</pre></div></td></tr></table></div>
</div>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330648784__screen12760183514488"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="n">gaussdb</span><span class="o">=&gt;</span><span class="w"> </span><span class="k">REVOKE</span><span class="w"> </span><span class="k">CONNECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">DATABASE</span><span class="w"> </span><span class="n">gaussdb</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="k">public</span><span class="p">;</span>
<span class="k">REVOKE</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330648784__en-us_topic_0000001211433461_li12432122154019"><span>Verify the result. Use <strong id="EN-US_TOPIC_0000001330648784__b1484219542105">u1</strong> to connect to the database. If the following information is displayed, the <strong id="EN-US_TOPIC_0000001330648784__b22763916117">connect on database</strong> permission of user <strong id="EN-US_TOPIC_0000001330648784__b1647931461113">u1</strong> has been revoked successfully:</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330648784__en-us_topic_0000001211433461_screen18761826174114"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><span class="n">gsql</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="n">gaussdb</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="mi">8000</span><span class="w"> </span><span class="o">-</span><span class="n">h</span><span class="w"> </span><span class="mi">192</span><span class="p">.</span><span class="mi">168</span><span class="p">.</span><span class="n">x</span><span class="p">.</span><span class="n">xx</span><span class="w"> </span><span class="o">-</span><span class="n">U</span><span class="w"> </span><span class="n">u1</span><span class="w"> </span><span class="o">-</span><span class="n">W</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="o">-</span><span class="n">r</span>
<span class="n">gsql</span><span class="p">:</span><span class="w"> </span><span class="n">FATAL</span><span class="p">:</span><span class="w"> </span><span class="n">permission</span><span class="w"> </span><span class="n">denied</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="k">database</span><span class="w"> </span><span class="ss">&quot;gaussdb&quot;</span>
<span class="n">DETAIL</span><span class="p">:</span><span class="w"> </span><span class="k">User</span><span class="w"> </span><span class="n">does</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="n">have</span><span class="w"> </span><span class="k">CONNECT</span><span class="w"> </span><span class="n">privilege</span><span class="p">.</span>
</pre></div></td></tr></table></div>
</div>
</p></li></ol>
</div>
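<p>The following SQL is an added example, not part of the original product documentation. It shows how to confirm where the <strong>CONNECT</strong> permission comes from before revoking it, and how to re-grant it to an account that must keep access once <strong>PUBLIC</strong> no longer has it. The user <strong>u2</strong> is a hypothetical account introduced for illustration; run the statements as an administrator such as <strong>dbadmin</strong>.</p>

```sql
-- Added example. u2 is a hypothetical user that must keep access to gaussdb.

-- 1. Inspect the ACL stored for the database.
--    A NULL datacl means the built-in defaults apply, which include
--    CONNECT for PUBLIC. In a non-NULL ACL, an entry whose grantee
--    (the text before '=') is empty belongs to PUBLIC, and the letter
--    'c' in its privilege string stands for CONNECT.
SELECT datname, datacl
FROM pg_database
WHERE datname = 'gaussdb';

-- 2. Check the effective permission of u1. This function also counts
--    permissions the user holds through PUBLIC, so it reports what a
--    login attempt will actually be allowed to do.
SELECT has_database_privilege('u1', 'gaussdb', 'CONNECT') AS u1_can_connect;

-- 3. Revoking from u1 alone removes only a direct grant to u1.
--    Repeat the check from step 2 afterwards to see that the
--    permission inherited from PUBLIC is untouched.
REVOKE CONNECT ON DATABASE gaussdb FROM u1;
SELECT has_database_privilege('u1', 'gaussdb', 'CONNECT') AS u1_can_connect;

-- 4. Remove the default grant, then grant CONNECT explicitly to the
--    accounts that still need it (least privilege instead of PUBLIC).
REVOKE CONNECT ON DATABASE gaussdb FROM PUBLIC;
GRANT CONNECT ON DATABASE gaussdb TO u2;

-- 5. Audit the result for every user in one query.
SELECT u.usename,
       has_database_privilege(u.usename, 'gaussdb', 'CONNECT') AS can_connect
FROM pg_user u
ORDER BY u.usename;

-- 6. Confirm that the PUBLIC entry in the ACL no longer carries 'c'.
SELECT datname, datacl
FROM pg_database
WHERE datname = 'gaussdb';
```

<p>The revocation applies only to the database named in the statement; every other database still grants <strong>CONNECT</strong> to <strong>PUBLIC</strong> until it is revoked there as well.</p>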
</div>