Administrators
Initial User
The account automatically generated during database installation is called the initial user. The initial user is also a system administrator, monitor administrator, O&M administrator, and security policy administrator. It has the highest permissions in the system and can perform all operations. If no initial username is specified during installation, the username is the same as the name of the OS user who installs the database. If no password is set for the initial user during installation, the password is empty after installation. In this case, you must change the initial user's password on the gsql client before performing any other operation. While the initial user's password is empty, the only operation you can perform is changing the password; other operations, such as SQL operations, upgrade, capacity expansion, and node replacement, are unavailable.
- The OID of the initial user is 10, which can be queried in the pg_roles view.
- The initial user bypasses all permission checks. Use this account only as a database administrator for database management, not for service applications.
System Administrator
A system administrator is an account with the SYSADMIN attribute. By default, a system administrator has the same permissions as the object owner but does not have the object permissions in the dbe_perf schema.
To create a system administrator, connect to the database as the initial user or a system administrator and use the CREATE USER or ALTER USER statement with the SYSADMIN option.
gaussdb=# CREATE USER sysadmin WITH SYSADMIN password "********";
Or
gaussdb=# ALTER USER joe SYSADMIN;
To run the ALTER USER statement, the user must exist.
Security Administrator
A security administrator is an account with the CREATEROLE attribute. It has the permission to create, modify, and delete users or roles, and grant or revoke the permission of any non-system administrator, built-in role, permanent user, or O&M administrator.
To create a security administrator, use the CREATE USER or ALTER USER statement with the CREATEROLE option. If separation of duties is disabled, connect to the database as a system administrator or security administrator. If separation of duties is enabled, connect to the database as a security administrator.
gaussdb=# CREATE USER createrole WITH CREATEROLE password "********";
Or
gaussdb=# ALTER USER joe CREATEROLE;
To run the ALTER USER statement, the user must exist.
Audit Administrator
An audit administrator is an account with the AUDITADMIN attribute, which has the permission to view and delete audit logs.
To create an audit administrator, use the CREATE USER or ALTER USER statement with the AUDITADMIN option. If separation of duties is disabled, connect to the database as a system administrator or security administrator. If separation of duties is enabled, connect to the database only as the initial user.
gaussdb=# CREATE USER auditadmin WITH AUDITADMIN password "********";
Or
gaussdb=# ALTER USER joe AUDITADMIN;
To run the ALTER USER statement, the user must exist.
Monitor Administrator
A monitor administrator is an account with the MONADMIN attribute and has the permission to view views and functions in the dbe_perf schema. The monitor administrator can also grant or revoke object permissions in the dbe_perf schema.
To create a monitor administrator, connect to the database as a system administrator and use the CREATE USER or ALTER USER statement with the MONADMIN option.
gaussdb=# CREATE USER monadmin WITH MONADMIN password "********";
Or
gaussdb=# ALTER USER joe MONADMIN;
To run the ALTER USER statement, the user must exist.
O&M Administrator
An O&M administrator is an account with the OPRADMIN attribute and has the permission to use Roach to perform backup and restoration.
To create an O&M administrator, connect to the database as the initial user and use the CREATE USER or ALTER USER statement with the OPRADMIN option.
gaussdb=# CREATE USER opradmin WITH OPRADMIN password "********";
Or
gaussdb=# ALTER USER joe OPRADMIN;
To run the ALTER USER statement, the user must exist.
Security Policy Administrator
A security policy administrator is an account with the POLADMIN attribute and has the permission to create resource tags, masking policies, and unified audit policies.
To create a security policy administrator, connect to the database as an administrator and use the CREATE USER or ALTER USER statement with the POLADMIN option.
gaussdb=# CREATE USER poladmin WITH POLADMIN password "********";
Or
gaussdb=# ALTER USER joe POLADMIN;
To run the ALTER USER statement, the user must exist.
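An inventory of the administrator attributes described above, as an added example that is not part of the original documentation. It assumes the pg_roles view exposes the boolean attribute columns named below, as in the openGauss/GaussDB system catalog; confirm the column names against the catalog reference for your version.

```sql
-- Added example: list every role that holds an administrator attribute.
-- Assumption: pg_roles exposes the boolean columns used here; verify the
-- names in the system catalog reference for your database version.
SELECT
    oid,
    rolname,
    (oid = 10)        AS is_initial_user,  -- the initial user has OID 10
    rolcanlogin       AS can_login,
    rolsystemadmin    AS sysadmin,         -- system administrator
    rolcreaterole     AS createrole,       -- security administrator
    rolauditadmin     AS auditadmin,       -- audit administrator
    rolmonitoradmin   AS monadmin,         -- monitor administrator
    roloperatoradmin  AS opradmin,         -- O&M administrator
    rolpolicyadmin    AS poladmin,         -- security policy administrator
    -- how many administrator attributes this one account combines
    (rolsystemadmin::int + rolcreaterole::int + rolauditadmin::int
     + rolmonitoradmin::int + roloperatoradmin::int
     + rolpolicyadmin::int)                AS admin_attr_count
FROM pg_roles
WHERE oid = 10
   OR rolsystemadmin
   OR rolcreaterole
   OR rolauditadmin
   OR rolmonitoradmin
   OR roloperatoradmin
   OR rolpolicyadmin
ORDER BY is_initial_user DESC, admin_attr_count DESC, rolname;
```

Rows with admin_attr_count greater than 1 are accounts that combine several administrator roles; rows with can_login set on the initial user or a system administrator show which of those accounts can open sessions directly.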