doc-exports/docs/dws/umn/dws_03_0196.html
luhuayi 3a18074b37 DWS UMN 20250703 version
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: luhuayi <luhuayi@huawei.com>
Co-committed-by: luhuayi <luhuayi@huawei.com>
2025-08-04 06:51:42 +00:00


<a name="EN-US_TOPIC_0000001330808760"></a><a name="EN-US_TOPIC_0000001330808760"></a>
<h1 class="topictitle1">How Do I Grant the Permissions of a Schema to a Specified GaussDB(DWS) User?</h1>
<div id="body0000001330808760"><p id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_p727921318196">This section explains how to grant query permissions at the schema level. If you need other permissions, see <span id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_ph363413521358">"How Do I Grant Table Permissions to a User?" in FAQ.</span> The following cases are covered:</p>
<ul id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_ul49631528181910"><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li154565610310">Permission for a table in a schema</li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li15963162811198">Permission for all the tables in a schema</li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li109636288191">Permission for tables to be created in the schema<div class="caution" id="EN-US_TOPIC_0000001330808760__note11764212332"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><p id="EN-US_TOPIC_0000001330808760__p373854413425">The VACUUM, DROP, and ALTER permissions on foreign tables cannot be granted to users.</p>
</div></div>
</li></ul>
<p id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_p79321327998">Assume that there are users <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b629793423714">jim</strong> and <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b6161135193712">mike</strong>, and two schemas named after them. User <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b19946135610374">mike</strong> needs to access tables in schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b364159143714">jim</strong>, as shown in <a href="#EN-US_TOPIC_0000001330808760__fig85201744134414">Figure 1</a>.</p>
<div class="fignone" id="EN-US_TOPIC_0000001330808760__fig85201744134414"><a name="EN-US_TOPIC_0000001330808760__fig85201744134414"></a><a name="fig85201744134414"></a><span class="figcap"><b>Figure 1 </b>User <strong id="EN-US_TOPIC_0000001330808760__b1288668010">mike</strong> accesses a table in SCHEMA <strong id="EN-US_TOPIC_0000001330808760__b36381910318">jim</strong>.</span><br><span><img id="EN-US_TOPIC_0000001330808760__image1733253012440" src="figure/en-us_image_0000001936081689.png" width="523.6875" height="334.57067700000005" title="Click to enlarge" class="imgResize"></span></div>
<ol id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_ol1594761512175"><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li194331127133712"><span>Connect to your database as <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b55813395380">dbadmin</strong>. Run the following statements to create users <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b458153913389">jim</strong> and <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1658193993812">mike</strong>. Two schemas will be created and named after the users by default.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen156514510565"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">jim</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{password}'</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">USER</span><span class="w"> </span><span class="n">mike</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{password}'</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li17661019135715"><span>Create tables <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b15256122823913">jim.name</strong> and <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1291315463391">jim.address</strong> in schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1926314284395">jim</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen17411951525"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">jim</span><span class="p">.</span><span class="n">name</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">jim</span><span class="p">.</span><span class="n">address</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li147751018124419"><span>Grant the access permission of schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b101611057183910">jim</strong> to user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b0122155818393">mike</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen12850111794616"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">USAGE</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">jim</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">mike</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li185386414379"><a name="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li185386414379"></a><a name="en-us_topic_0000001239662887_li185386414379"></a><span>Grant user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b754315964014">mike</strong> the permission to query table <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b481201216408">jim.name</strong> in schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b240911314403">jim</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen183301354194616"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">jim</span><span class="p">.</span><span class="n">name</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">mike</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li89842328507"><span>Start a new session and connect to the database as user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b2171182094014">mike</strong>. Verify that user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b141774201405">mike</strong> can query the <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b417717206403">jim.name</strong> table but not the <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1378225014404">jim.address</strong> table.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen222547115311"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">jim</span><span class="p">.</span><span class="n">name</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">jim</span><span class="p">.</span><span class="n">address</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001330808760__p1458412131304"><span><img id="EN-US_TOPIC_0000001330808760__image155504141003" src="figure/en-us_image_0000001936107161.png" width="523.6875" height="72.47555700000001" title="Click to enlarge" class="imgResize"></span></p>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li19719925165212"><span>In the session started by user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b3960153634212">dbadmin</strong>, grant user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b920819566429">mike</strong> the permission to query all the tables in schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1542384316">jim</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen3511190185313"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">ALL</span><span class="w"> </span><span class="n">TABLES</span><span class="w"> </span><span class="k">IN</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">jim</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">mike</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li19640135718612"><span>In the session started by user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b730913724320">mike</strong>, verify that <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b9120348164319">mike</strong> can query all tables.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen2015015161571"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">jim</span><span class="p">.</span><span class="n">name</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">jim</span><span class="p">.</span><span class="n">address</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001330808760__p7592941916"><span><img id="EN-US_TOPIC_0000001330808760__image843825717" src="figure/en-us_image_0000001936108293.png" width="523.6875" height="69.024473" title="Click to enlarge" class="imgResize"></span></p>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li153703571679"><span>In the session started by user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b189007124916">dbadmin</strong>, create table <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b152672894915">jim.employ</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen12324121189"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">jim</span><span class="p">.</span><span class="n">employ</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li13195113612813"><span>In the session started by user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b12212895012">mike</strong>, verify that user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1574701885018">mike</strong> does not have the query permission for <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b159141023185020">jim.employ</strong>. This shows that user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b198601348504">mike</strong> has the permission to access all the existing tables in schema <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b135971200519">jim</strong>, but not tables created in the future.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen18446163317132"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">jim</span><span class="p">.</span><span class="n">employ</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001330808760__p18763812921"><span><img id="EN-US_TOPIC_0000001330808760__image45837136212" src="figure/en-us_image_0000001936109033.png" width="523.6875" height="43.183637" title="Click to enlarge" class="imgResize"></span></p>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li398520110127"><span>In the session started by user <strong id="EN-US_TOPIC_0000001330808760__b157215229406">dbadmin</strong>, grant user <strong id="EN-US_TOPIC_0000001330808760__b1857302213406">mike</strong> the permission to query the tables to be created in schema <strong id="EN-US_TOPIC_0000001330808760__b4573192215407">jim</strong>. Create table <strong id="EN-US_TOPIC_0000001330808760__b10573112254016">jim.hobby</strong>.</span><p><div class="p" id="EN-US_TOPIC_0000001330808760__p68618382563"><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen1847863741311"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="k">DEFAULT</span><span class="w"> </span><span class="k">PRIVILEGES</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">jim</span><span class="w"> </span><span class="k">IN</span><span class="w"> </span><span class="k">SCHEMA</span><span class="w"> </span><span class="n">jim</span><span class="w"> </span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">TABLES</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">mike</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">jim</span><span class="p">.</span><span class="n">hobby</span><span class="w"> </span><span class="p">(</span><span class="n">c1</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="n">c2</span><span class="w"> </span><span class="nb">int</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</div>
</p></li><li id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li72582301146"><span>In the session started by user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b3694133017515">mike</strong>, verify that user <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b1269420301514">mike</strong> can access table <strong id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_b199343965120">jim.hobby</strong>, but does not have the permission to access <strong id="EN-US_TOPIC_0000001330808760__b525914378461">jim.employ</strong>. To let the user access table <strong id="EN-US_TOPIC_0000001330808760__b9259937174611">jim.employ</strong>, grant the permission as described in step <a href="#EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_li185386414379">4</a>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001330808760__en-us_topic_0000001239662887_screen19459152961712"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">jim</span><span class="p">.</span><span class="n">hobby</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001330808760__p59191694314"><span><img id="EN-US_TOPIC_0000001330808760__image01267111136" src="figure/en-us_image_0000001894150128.png" width="523.6875" height="37.426466000000005" title="Click to enlarge" class="imgResize"></span></p>
</p></li></ol>
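<p>The following audit-and-rollback script is an added example, not part of the original GaussDB(DWS) documentation. It lets <strong>dbadmin</strong> review the grants made in the steps above from a single session, and assumes the PostgreSQL-compatible functions and catalogs it uses (<code>has_schema_privilege</code>, <code>has_table_privilege</code>, <code>pg_tables</code>, <code>pg_default_acl</code>) are available on your cluster.</p>

```sql
-- Added example (not from the original page). Run as dbadmin.
-- Assumption: the PostgreSQL-compatible catalogs and privilege-inquiry
-- functions used below are available on your cluster.

-- 1. Schema-level access: does mike hold USAGE on schema jim (step 3)?
SELECT has_schema_privilege('mike', 'jim', 'USAGE') AS mike_has_usage;

-- 2. Per-table access: one row per table in schema jim, with its owner
--    and whether mike can SELECT from it. In the walkthrough, jim.employ
--    was created after GRANT ... ON ALL TABLES (step 6) and before
--    ALTER DEFAULT PRIVILEGES (step 10), so neither statement covers it.
SELECT t.tablename,
       t.tableowner,
       has_table_privilege(
           'mike',
           quote_ident(t.schemaname) || '.' || quote_ident(t.tablename),
           'SELECT'
       ) AS mike_can_select
FROM pg_tables t
WHERE t.schemaname = 'jim'
ORDER BY t.tablename;

-- 3. Default privileges: list the entries that will apply to tables
--    created in schema jim in the future. The entry from step 10 is
--    recorded FOR ROLE jim, so compare for_role with tableowner above.
SELECT r.rolname       AS for_role,
       n.nspname       AS in_schema,
       d.defaclobjtype AS object_type,   -- 'r' = tables
       d.defaclacl     AS default_acl
FROM pg_default_acl d
JOIN pg_roles r          ON r.oid = d.defaclrole
LEFT JOIN pg_namespace n ON n.oid = d.defaclnamespace
WHERE n.nspname = 'jim';

-- 4. Rollback: remove mike's access again when it is no longer needed.
--    Revoke in the reverse order of the grants so that no default
--    privilege keeps re-adding SELECT on newly created tables.
ALTER DEFAULT PRIVILEGES FOR ROLE jim IN SCHEMA jim
    REVOKE SELECT ON TABLES FROM mike;
REVOKE SELECT ON ALL TABLES IN SCHEMA jim FROM mike;
REVOKE USAGE ON SCHEMA jim FROM mike;
```

<p>Re-run queries 1 to 3 after the rollback to confirm that no residual access or default-privilege entry for <strong>mike</strong> remains.</p>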
</div>