doc-exports/docs/dws/umn/dws_03_0198.html
Lu, Huayi 95132e24fc DWS UMN 830.201_new version
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com>
Co-authored-by: Lu, Huayi <luhuayi@huawei.com>
Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
2024-05-27 11:54:34 +00:00


<a name="EN-US_TOPIC_0000001361046776"></a>
<h1 class="topictitle1">How Do I Create a Database Read-only User?</h1>
<div id="body0000001361046776"><div class="section" id="EN-US_TOPIC_0000001361046776__section18587136124211"><h4 class="sectiontitle">Scenario</h4><p id="EN-US_TOPIC_0000001361046776__p0329145416570">In service development, database administrators use schemas to classify data. For example, in the financial industry, liability data belong to schema <strong id="EN-US_TOPIC_0000001361046776__b118931210165017">s1</strong>, and asset data belong to schema <strong id="EN-US_TOPIC_0000001361046776__b2637131819506">s2</strong>.</p>
<p id="EN-US_TOPIC_0000001361046776__p1735143833310">Now you have to create a read-only user <strong id="EN-US_TOPIC_0000001361046776__b91931611204820">user1</strong> in the database. The user can access all tables (including new tables to be created in the future) in schema <strong id="EN-US_TOPIC_0000001361046776__b181421290529">s1</strong> for daily reading, but cannot insert, modify, or delete data.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000001361046776__section19182184884216"><h4 class="sectiontitle">Principles</h4><p id="EN-US_TOPIC_0000001361046776__p14812174824218">DWS provides role-based user management. You need to create a read-only role <strong id="EN-US_TOPIC_0000001361046776__b1154515212569">role1</strong> and grant the role to <strong id="EN-US_TOPIC_0000001361046776__b15351109573">user1</strong>. </p>
</div>
<div class="section" id="EN-US_TOPIC_0000001361046776__section8934155784719"><h4 class="sectiontitle">Procedure</h4><ol id="EN-US_TOPIC_0000001361046776__ol20669138925"><li id="EN-US_TOPIC_0000001361046776__li17669584214"><span>Connect to the DWS database as user <strong id="EN-US_TOPIC_0000001361046776__b59209325567">dbadmin</strong>.</span></li><li id="EN-US_TOPIC_0000001361046776__li20669284219"><span>Run the following SQL statement to create role <strong id="EN-US_TOPIC_0000001361046776__b518724385817">role1</strong>:</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001361046776__screen146697819214"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">role1</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="n">disable</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001361046776__li10669128121"><span>Run the following SQL statement to grant permissions to <strong id="EN-US_TOPIC_0000001361046776__b158481257165819">role1</strong>:</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001361046776__screen13669381226"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">usage</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">s1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">role1</span><span class="p">;</span><span class="w"> </span><span class="c1">-- grants role1 the access permission on schema s1.</span>
<span class="k">GRANT</span><span class="w"> </span><span class="k">select</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">ALL</span><span class="w"> </span><span class="n">TABLES</span><span class="w"> </span><span class="k">IN</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">s1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">role1</span><span class="p">;</span><span class="w"> </span><span class="c1">-- grants role1 the query permission on all existing tables in schema s1.</span>
<span class="k">ALTER</span><span class="w"> </span><span class="k">DEFAULT</span><span class="w"> </span><span class="k">PRIVILEGES</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">tom</span><span class="w"> </span><span class="k">IN</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">s1</span><span class="w"> </span><span class="k">GRANT</span><span class="w"> </span><span class="k">select</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">TABLES</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">role1</span><span class="p">;</span><span class="w"> </span><span class="c1">-- grants role1 the query permission on tables that tom creates in schema s1 in the future. tom is the owner of schema s1.</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001361046776__li8669198525"><span>Run the following SQL statement to grant the role <strong id="EN-US_TOPIC_0000001361046776__b11310115615013">role1</strong> to the actual user <strong id="EN-US_TOPIC_0000001361046776__b8163631617">user1</strong>:</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001361046776__screen066918819212"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="n">role1</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">user1</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li></ol><ol start="5" id="EN-US_TOPIC_0000001361046776__ol46691081625"><li id="EN-US_TOPIC_0000001361046776__li10669881210"><span>Read all table data in schema <strong id="EN-US_TOPIC_0000001361046776__b19582173716310">s1</strong> as read-only user <strong id="EN-US_TOPIC_0000001361046776__b4771118635">user1</strong>.</span></li></ol>
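<p>The following queries are an added example, not part of the original DWS documentation. Run as <strong>dbadmin</strong>, they check that the procedure left <strong>user1</strong> with read-only access and that future tables are covered. They assume the names used on this page (<strong>s1</strong>, <strong>role1</strong>, <strong>user1</strong>, <strong>tom</strong>) and the PostgreSQL-style catalog objects <code>has_schema_privilege</code>, <code>has_table_privilege</code>, <code>pg_get_userbyid</code>, <code>pg_default_acl</code> and <code>pg_tables</code>.</p>

```sql
-- Added verification queries (not from the original page).
-- Assumed names, taken from the procedure: schema s1, role role1,
-- user user1, schema owner tom.

-- 1. Schema level: a read-only user needs USAGE on s1 and should not
--    hold CREATE, which would let it add its own objects to the schema.
SELECT has_schema_privilege('user1', 's1', 'USAGE')  AS can_use_schema,
       has_schema_privilege('user1', 's1', 'CREATE') AS can_create_in_schema;

-- 2. Table level: effective privileges of user1 (including those
--    inherited through role1) on every ordinary table in s1.
--    Any table with a write privilege set, or with can_select unset,
--    deviates from the read-only intent.
SELECT c.relname                                       AS table_name,
       pg_get_userbyid(c.relowner)                     AS table_owner,
       has_table_privilege('user1', c.oid, 'SELECT')   AS can_select,
       has_table_privilege('user1', c.oid, 'INSERT')   AS can_insert,
       has_table_privilege('user1', c.oid, 'UPDATE')   AS can_update,
       has_table_privilege('user1', c.oid, 'DELETE')   AS can_delete,
       has_table_privilege('user1', c.oid, 'TRUNCATE') AS can_truncate
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 's1'
  AND c.relkind = 'r'
ORDER BY c.relname;

-- 3. Future tables: list the default privileges recorded for s1.
--    The ALTER DEFAULT PRIVILEGES statement from the procedure should
--    appear as one row for creator tom, with role1 in the ACL.
SELECT pg_get_userbyid(d.defaclrole) AS table_creator,
       d.defaclobjtype               AS object_type,
       d.defaclacl                   AS default_acl
FROM pg_default_acl d
JOIN pg_namespace n ON n.oid = d.defaclnamespace
WHERE n.nspname = 's1';

-- 4. Coverage gap: default privileges apply only to tables created by
--    the user named in FOR USER. Tables in s1 owned by anyone else are
--    listed here and need their own GRANT or default-privilege entry.
SELECT tablename, tableowner
FROM pg_tables
WHERE schemaname = 's1'
  AND tableowner <> 'tom';
```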
</div>
</div>