Updated on 2024-09-30 GMT+08:00

Database Users

Without separation of permissions, GaussDB(DWS) supports two types of database accounts: administrator and common user. For details about user types and permissions under separation of permissions, see Separation of Permissions.

  • The administrator can manage all common users and databases.
  • Common users can connect to and access the database, and perform specific database operations and execute SQL statements after being authorized.

Users are authenticated when they log in to the GaussDB(DWS) database. A user can own databases and database objects (such as tables), and grant permissions of these objects to other users and roles. In addition to system administrators, users with the CREATEDB attribute can create databases and grant permissions to these databases.

Database User Types

Table 1 Database user types

User Type

Description

Allowed Operations

How to Create

Administrator dbadmin

An administrator, also called a system administrator, is an account with the SYSADMIN attribute.

If separation of permissions is not enabled, this account has the highest permission in the system and can perform all operations. The system administrator has the same permissions as the object owner.

  • User dbadmin created during cluster creation on the GaussDB(DWS) management console is a system administrator.
  • Use the CREATE USER or ALTER USER syntax to create an administrator.
    CREATE USER sysadmin WITH SYSADMIN password '{Password}';
    ALTER USER u1 SYSADMIN;

Common user

Common user

  • Use a tool to connect to the database.
  • Have the attributes of specific database system operations, such as CREATEDB, CREATEROLE, and SYSADMIN.
  • Access database objects.
  • Run SQL statements.

Run the CREATE USER syntax to create a common user.

CREATE USER u1 PASSWORD '{Password}';

Private user

A user created with the INDEPENDENT attribute in non-separation-of-permissions mode.

Database administrators can manage (DROP, ALTER, and TRUNCATE) objects of private users but cannot access (INSERT, DELETE, SELECT, UPDATE, COPY, GRANT, REVOKE, and ALTER OWNER) the objects before being authorized.

Use the CREATE USER syntax to create a private user.

CREATE USER user_independent WITH INDEPENDENT IDENTIFIED BY '{Password}';