forked from docs/doc-exports
luhuayi
177cd61a57
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Co-authored-by: luhuayi <luhuayi@huawei.com> Co-committed-by: luhuayi <luhuayi@huawei.com>
3.4 KiB
3.4 KiB
USER Object Design
Rule 2.5: Following the Least Privilege Principle and Avoiding Running Services Using Users with Special Permissions
Impact of rule violation:
- Administrators have full access to a lot of things in the system and using these users to run services can pose security and control risks.
Solution:
- It is advised to use common users for service running, reserving users with special permissions for management operations.
Rule 2.6: Avoiding the Use of a Single Database Account for All Services
Impact of rule violation:
- Using a single database user for all services hinders effective service management and control. In abnormal situations, it becomes impossible to isolate specific users for emergency purposes.
Solution:
- Create administrators, service operation users, and O&M users for different purposes.
- Use different users to run different services for improved management and allocation of services and resources.
Parent topic: GaussDB(DWS) Object Design Specifications