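Granting DBA Privileges to a Database Account: Database Users and Privileges
Database user privileges should be kept to the minimum that each user's purpose requires.
Database users
Database user types
DBA
At installation, Vertica automatically creates a superuser, named dbadmin by default. This user cannot be dropped. It holds the following roles, which cannot be revoked: DBADMIN, DBDUSER, PSEUDOSUPERUSER. These roles allow dbadmin to perform every database operation.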
-- Create another DBA account
dbadmin=> create user dbadmin2 ;
CREATE USER
dbadmin=> grant dbduser,dbadmin,pseudosuperuser to dbadmin2 ;
GRANT ROLE
dbadmin=> \c - dbadmin2
You are now connected as user "dbadmin2".
dbadmin=> set role dbadmin,dbduser,pseudosuperuser;
SET
dbadmin=> show enabled roles;
name | setting
--------------+----------------------------------
enabled roles | dbduser, dbadmin, pseudosuperuser
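Object owner
The user who creates a given database object is its object owner. Only the object owner and the superuser can operate on that object. To let other users access or operate on it, grant them privileges with grant.
Others (PUBLIC)
All accounts that are neither DBA nor object owner are "other" accounts. A newly created user has no access to the PUBLIC schema by default and must be granted it:
grant usage on schema public to xxx ;
Creating database users
A newly created user by default has only the privilege to create temporary tables.
Locking user accounts
alter user username account { lock | unlock } ;
create user username account lock ;
Setting/changing a user's password
alter user username identified by 'password';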
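Database roles
A role is a set of privileges that can be granted to one or more users or to other roles. Predefined database roles:

| Role | Description |
|---|---|
| DBADMIN | Create users and roles, grant privileges to them, and so on; create and drop schemas; view all system tables; view/terminate user sessions; access all data |
| PSEUDOSUPERUSER | Bypass all grant/revoke authorization; create schemas and tables; create users and roles and grant privileges to them; modify user accounts (password, lock, etc.); create and drop UDF libraries and functions, or other external procedures |
| DBDUSER | Call Database Designer functions |
| SYSMONITOR | View all system tables marked as monitorable => select * from system_tables where is_monitorable='t'; |
| PUBLIC | |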
Viewing available/enabled roles
-- Show all available roles
SHOW AVAILABLE ROLES ;
-- Show all enabled roles
SHOW ENABLED ROLES ;
-- List all available roles
select * from roles ;
-- List all users
select * from v_catalog.users;
-- View the grants of the current user
select * from grants ;
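The catalog tables queried above can be used to check who actually holds DBA-class roles. The following is an added example, not part of the original page; it assumes a superuser session and the column names of Vertica's v_catalog.users, v_catalog.roles and v_catalog.grants tables, and reuses the dbadmin2 account created earlier.

```sql
-- Added example: audit of DBA-class access.

-- 1. Accounts that are superusers or hold a DBA-class role.
--    all_roles is a comma-separated string, so these patterns also match
--    custom roles whose names contain the same text; review hits by hand.
SELECT user_name, is_super_user, is_locked, all_roles, default_roles
FROM v_catalog.users
WHERE is_super_user
   OR all_roles ILIKE '%dbadmin%'
   OR all_roles ILIKE '%pseudosuperuser%'
ORDER BY user_name;

-- 2. Custom roles that inherit a DBA-class role through nesting.
SELECT name, assigned_roles
FROM v_catalog.roles
WHERE assigned_roles ILIKE '%dbadmin%'
   OR assigned_roles ILIKE '%pseudosuperuser%';

-- 3. Object privileges granted to PUBLIC, which every user inherits.
SELECT object_type, object_schema, object_name, privileges_description
FROM v_catalog.grants
WHERE LOWER(grantee) = 'public'
ORDER BY object_schema, object_name;

-- 4. Reduce a secondary DBA account that does not need to bypass
--    grant/revoke checks, then confirm what it still holds.
REVOKE pseudosuperuser FROM dbadmin2;
SELECT user_name, all_roles
FROM v_catalog.users
WHERE user_name = 'dbadmin2';
```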
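Database privileges
The superuser has all privileges.
Schema level

| Operation | Required privileges |
|---|---|
| create schema | create on database databaseName |
| drop schema | creator of the schema |
| alter schema | create on database databaseName |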
Table level

| Operation | Required privileges |
|---|---|
| create table | create on schema schemaName |
| drop table | create on schema schemaName, or usage on schema schemaName, or creator of the schema, or creator of the table |
| truncate table | usage on schema schemaName, or creator of the schema |
| alter table add/drop/rename/alter-type column | usage on schema schemaName |
| alter table add/drop constraint | usage on schema schemaName |
| alter table partition (reorganize) | usage on schema schemaName |
| alter table rename | usage/create privileges on the schema that contains the table |
| alter table ... set schema | create on new schema AND usage on old schema |
| select | usage on schema AND select on table |
| insert | usage on schema AND insert on table |
| delete | usage on schema AND DELETE/SELECT on table |
| update | usage on schema AND UPDATE/SELECT on table |
| REFERENCES | usage on schema AND REFERENCES to create foreign key constraints that reference this table |
| analyze_statistics, analyze_statistics_partition | usage on schema AND (INSERT or DELETE or UPDATE) on table |
| drop_statistics | usage on schema AND (INSERT or DELETE or UPDATE) on table |
| drop_partitions | usage on schema |
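The select row above, combined with the rule that new users have no access to the PUBLIC schema, gives the minimum for a read-only account. The following is an added example, not part of the original page; the table public.sales, the role report_reader, the user report_user and the password are constructed placeholders.

```sql
-- Added example: a read-only reporting account with the smallest grant set.
-- Run as dbadmin. All object names and the password are placeholders.

-- Constructed sample table.
CREATE TABLE public.sales (id INT, amount NUMERIC(12,2));

-- Put the privileges on a role, not on the user, so they can be
-- reviewed and revoked in one place.
CREATE ROLE report_reader;
GRANT USAGE ON SCHEMA public TO report_reader;   -- needed to reach the schema
GRANT SELECT ON public.sales TO report_reader;   -- select on this table only

-- A new user starts with only the ability to create temporary tables.
CREATE USER report_user IDENTIFIED BY 'replace-with-a-real-password';
GRANT report_reader TO report_user;

-- Without a default role the user would have to run SET ROLE in every session.
ALTER USER report_user DEFAULT ROLE report_reader;

-- Verify: only USAGE on the schema, SELECT on the table, and the role
-- membership itself should be listed.
SELECT grantee, object_type, object_schema, object_name, privileges_description
FROM v_catalog.grants
WHERE grantee IN ('report_reader', 'report_user')
ORDER BY grantee, object_type;

-- Expected to fail for report_user with a permission error, because
-- insert requires usage on schema AND insert on table:
--   INSERT INTO public.sales VALUES (1, 10.00);

-- Offboarding: lock the account first, then remove its access.
ALTER USER report_user ACCOUNT LOCK;
REVOKE report_reader FROM report_user;
```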
View level

| Operation | Required privileges |
|---|---|
| create view | create on schema AND select on base objects |
| drop view | usage on schema AND owner of view |
| select | view owner must have select ... with grant option; usage on schema; select on view |

Projection level

| Operation | Required privileges |
|---|---|
| create projection | select on theTable AND (usage and create on schema, or schema owner) |
| auto / delayed projection | select on theTable AND usage on schema |
| alter projection | usage AND create on schema |
| drop projection | usage on schema OR owner |

External procedure level

| Operation | Required privileges |
|---|---|
| create procedure | superuser |
| drop procedure | superuser |
| execute | usage on schema AND execute on procedure |

Library level

| Operation | Required privileges |
|---|---|
| create library | superuser |
| drop library | superuser |
User-defined function level
UDF = Scalar, UDT = Transform, UDAnF = Analytic, UDAF = Aggregate

| Operation | Required privileges |
|---|---|
| create function (SQL), create function (scalar), create transform function, create analytic function (UDAnF), create aggregate function (UDAF) | create on schema AND usage on baseLibrary |
| drop function, drop transform function, drop analytic function, drop aggregate function | usage on schema AND owner of function |
| alter function (scalar) ... rename to | usage AND create on schema |
| alter function (scalar) ... set schema | usage on old schema AND create on new schema |
| execute (SQL/UDF/UDT/UDAF/UDAnF) function | usage on schema AND execute on function |
Sequence level

| Operation | Required privileges |
|---|---|
| create sequence | create on schema |
| drop sequence | usage on schema OR owner |
| alter sequence | usage AND create on schema |
| alter sequence ... set schema | usage on old schema AND create on new schema |
| currval / nextval | usage on schema AND select on sequence |

Resource pool level

| Operation | Required privileges |
|---|---|
| create resource pool | superuser |
| alter resource pool | superuser: can modify MAXMEMORYSIZE, PRIORITY, QUEUETIMEOUT; normal user: update on resource pool (can modify PLANNEDCONCURRENCY, SINGLEINITIATOR, MAXCONCURRENCY) |
| set session resource pool | usage on resource_pool, and users can change their own resource pool |
| drop resource pool | superuser |
User/profile/role level

| Operation | Required privileges |
|---|---|
| create user/profile/role | superuser |
| alter user/profile/role | superuser |
| drop user/profile/role | superuser |

Object visibility level

| Operation | Required privileges |
|---|---|
| look up schema | at least one privilege on schema |
| look up object in schema or in system tables | usage on schema AND at least one privilege on any of the following objects: table/view/function/procedure/sequence |
| look up projection | at least one privilege on all anchor tables AND usage on the schema of all anchor tables |
| look up resource pool | select on resource pool |
| existence of object | usage on schema |
I/O operation level

| Operation | Required privileges |
|---|---|
| connect to vertica, disconnect | none |
| export to vertica | select on source table; usage on source schema; insert on destination table; usage on destination schema |
| copy from vertica | usage on source/destination schema; select on source table; insert on destination table |
| copy from file | superuser |
| copy from STDIN | usage on schema; insert on table |
| copy local | usage on schema; insert on table |
Comment level

| Operation | Required privileges |
|---|---|
| comment on {one of}: AGGREGATE FUNCTION, ANALYTIC FUNCTION, CONSTRAINT, FUNCTION, LIBRARY, NODE, PROJECTION, PROJECTION COLUMN, SCHEMA, SEQUENCE, TABLE, TABLE COLUMN, TRANSFORM FUNCTION, VIEW | object owner or superuser |
Tuning operation level

| Operation | Required privileges |
|---|---|
| profile | Same privileges required to run the query being profiled |
| explain | Same privileges required to run the query for which you use the EXPLAIN keyword |

Access policies
Column access policies
Row access policies
Access Policies and DML Operations
Access Policies and Query Optimization
Managing access policies