forked from docs/doc-exports
luhuayi
177cd61a57
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Co-authored-by: luhuayi <luhuayi@huawei.com> Co-committed-by: luhuayi <luhuayi@huawei.com>
23 lines
3.4 KiB
HTML
23 lines
3.4 KiB
HTML
<a name="EN-US_TOPIC_0000002136265437"></a><a name="EN-US_TOPIC_0000002136265437"></a>
|
|
|
|
<h1 class="topictitle1">USER Object Design</h1>
|
|
<div id="body8662426"><div class="section" id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_section348916349406"><h4 class="sectiontitle">Rule 2.5: Following the Least Privilege Principle and Avoiding Running Services Using Users with Special Permissions</h4><div class="note" id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_note73466259280"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_p14798121135710"><strong id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_b230583668112453">Impact of rule violation:</strong></p>
|
|
<ul id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_ul879872195710"><li id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_li183727447586">Administrators have full access to a lot of things in the system and using these users to run services can pose security and control risks.</li></ul>
|
|
<p id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_p13799121195711"><strong id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_b1903018770112623">Solution:</strong></p>
|
|
<ul id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_ul177993217578"><li id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_li9799182116577">It is advised to use common users for service running, reserving users with special permissions for management operations.</li></ul>
|
|
</div></div>
|
|
</div>
|
|
<div class="section" id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_section20111104754013"><h4 class="sectiontitle">Rule 2.6: Avoiding the Use of a Single Database Account for All Services</h4><div class="note" id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_note17427145919718"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_p42334441334"><strong id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_b1408520298112453">Impact of rule violation:</strong></p>
|
|
<ul id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_ul823384423314"><li id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_li152338441336">Using a single database user for all services hinders effective service management and control. In abnormal situations, it becomes impossible to isolate specific users for emergency purposes.</li></ul>
|
|
<p id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_p1323344463316"><strong id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_b71850786112623">Solution:</strong></p>
|
|
<ul id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_ul789802417470"><li id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_li973010285536">Create administrators, service operation users, and O&M users for different purposes.</li><li id="EN-US_TOPIC_0000002136265437__en-us_topic_0000002100207550_li17898924194710">Use different users to run different services for improved management and allocation of services and resources.</li></ul>
|
|
</div></div>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="dws_04_0104.html">GaussDB(DWS) Object Design Specifications</a></div>
|
|
</div>
|
|
</div>
|
|
|