openGauss每日一练第四天
openGauss 每日一练第四天
本文出处:https://www.modb.pro/db/193083
学习地址
https://www.modb.pro/course/133
学习目标
学习 openGauss 创建角色、修改角色属性、更改角色权限和删除角色 角色是用来管理权限的,从数据库安全的角度考虑,可以把所有的管理和操作权限划分到不同的角色上
课后作业
过程中使用\du 或\du+查看角色信息
1.创建角色 role1 为系统管理员, role2 指定生效日期, role3 具有 LOGIN 属性
SQL文本:
create role role1 sysadmin identified by 'role1_123';
create role role2 identified by 'role2_123' vaild begein '2021-11-11';
create role role3 login identified by 'role3_123';
\du+
omm=# create role role1 sysadmin identified by 'role1_123';
CREATE ROLE
omm=# create role role2 identified by 'role2_123' valid begin '2021-11-11';
CREATE ROLE
omm=# create role role3 login identified by 'role3_123';
CREATE ROLE
omm=# \du+
List of roles
Role name | Attributes | Member of | Description
-----------+------------------------------------------------------------------------------------------------------------------+-----------+-------------
lizi | Create role, Create DB, Replication, Administer audit, Sysadmin, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
role1 | Cannot login, Sysadmin | {} |
role2 | Cannot login +| {} |
| Role valid begin 2021-11-11 00:00:00+08 | |
role3 | | {} |
omm=#
2.重命名 role1
SQL文本:
alter role role1 rename to role111;
\du+
omm=# alter role role1 rename to role111;
ALTER ROLE
omm=# \du+
List of roles
Role name | Attributes | Member of | Description
-----------+------------------------------------------------------------------------------------------------------------------+-----------+-------------
lizi | Create role, Create DB, Replication, Administer audit, Sysadmin, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
role111 | Cannot login, Sysadmin | {} |
role2 | Cannot login +| {} |
| Role valid begin 2021-11-11 00:00:00+08 | |
role3 | | {} |
omm=#
3.修改 role2 密码
SQL文本:
alter role role2 identified by 'role2_456' replace 'role2_123'
或者
alter role role2 identified by 'role2_789';
omm=# alter role role2 identified by 'role2_456' replace 'role2_456';
ALTER ROLE
omm=# alter role role2 identified by 'role2_789';
ALTER ROLE
omm=# \du+
List of roles
Role name | Attributes | Member of | Description
-----------+------------------------------------------------------------------------------------------------------------------+-----------+-------------
lizi | Create role, Create DB, Replication, Administer audit, Sysadmin, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
role111 | Cannot login, Sysadmin | {} |
role2 | Cannot login +| {} |
| Role valid begin 2021-11-11 00:00:00+08 | |
role3 | | {} |
omm=#
4.将 omm 权限授权给 role3,再回收 role3 的权限
SQL文本:
grant omm to role3;
\du+
revoke all privilege from role3;
\du+
omm=# grant omm to role3;
GRANT ROLE
omm=# \du+
List of roles
Role name | Attributes | Member of | Description
-----------+------------------------------------------------------------------------------------------------------------------+-----------+-------------
lizi | Create role, Create DB, Replication, Administer audit, Sysadmin, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
role111 | Cannot login, Sysadmin | {} |
role2 | Cannot login +| {} |
| Role valid begin 2021-11-11 00:00:00+08 | |
role3 | | {omm} |
utest | | {} |
omm=# revoke all privilege from role3;
ALTER ROLE
omm=# \du+
List of roles
Role name | Attributes | Member of | Description
-----------+------------------------------------------------------------------------------------------------------------------+-----------+-------------
lizi | Create role, Create DB, Replication, Administer audit, Sysadmin, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
role111 | Cannot login, Sysadmin | {} |
role2 | Cannot login +| {} |
| Role valid begin 2021-11-11 00:00:00+08 | |
role3 | | {omm} |
omm=#
5.删除所有创建角色
SQL文本:
drop role role1;
drop role role2;
drop role role3;
\du+
omm=# drop role role111;
DROP ROLE
omm=# drop role role2;
drop role role3;
DROP ROLE
omm=# drop role role3;
DROP ROLE
omm=# \du+
List of roles
Role name | Attributes | Member of | Description
-----------+------------------------------------------------------------------------------------------------------------------+-----------+-------------
lizi | Create role, Create DB, Replication, Administer audit, Sysadmin, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
omm | Sysadmin, Create role, Create DB, Replication, Administer audit, Monitoradmin, Operatoradmin, Policyadmin, UseFT | {} |
omm=#
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 记一次.NET内存居高不下排查解决与启示
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了