Updated on 2023-10-23 GMT+08:00

Administrator

Initial User

The account automatically generated during cluster installation is called the initial user. The initial user is also the system administrator, monitor administrator, O&M administrator, and security policy administrator. It has the highest permissions in the system and can perform all operations. If the initial user name is not set during installation, the user name is the same as the name of the OS user who installs the cluster. If the password of the initial user is not set during cluster installation, the password is empty after the installation. In this case, you need to set the password of the initial user on the gsql client before performing other operations. While the initial user password is empty, the only SQL operation you can perform is changing the password; other operations, such as upgrade, capacity expansion, and node replacement, cannot be performed.

An initial user bypasses all permission checks. You are advised to use the initial user only as a database administrator for database management, not for running services.

System Administrator

A system administrator is an account with the SYSADMIN attribute. By default, a system administrator has the same permissions as the object owner but does not have the object permissions in the dbe_perf schema or the permission to use Roach to perform backup and restoration.

To create a database administrator, connect to the database as an administrator and run the CREATE USER or ALTER USER statement with SYSADMIN specified.

openGauss=# CREATE USER sysadmin WITH SYSADMIN password "xxxxxxxxxxx";

or

openGauss=# ALTER USER joe SYSADMIN;

The ALTER USER statement can be run only for a user that already exists.

Monitor Administrator

A monitor administrator is an account with the MONADMIN attribute and has the permission to view views and functions in the dbe_perf schema. The monitor administrator can also grant or revoke object permissions in the dbe_perf schema.

To create a monitor administrator, connect to the database as a system administrator and run the CREATE USER or ALTER USER statement with MONADMIN specified.

openGauss=# CREATE USER monadmin WITH MONADMIN password "xxxxxxxxxxx";

or

openGauss=# ALTER USER joe MONADMIN;

The ALTER USER statement can be run only for a user that already exists.

O&M Administrator

An O&M administrator is an account with the OPRADMIN attribute and has the permission to use Roach to perform backup and restoration.

To create an O&M administrator, connect to the database as an initial user and run the CREATE USER or ALTER USER statement with OPRADMIN specified.

openGauss=# CREATE USER opradmin WITH OPRADMIN password "xxxxxxxxxxx";

or

openGauss=# ALTER USER joe OPRADMIN;

The ALTER USER statement can be run only for a user that already exists.

Security Policy Administrator

A security policy administrator is an account with the POLADMIN attribute and has the permission to create resource tags, anonymization policies, and unified audit policies.

To create a security policy administrator, connect to the database as an administrator and run the CREATE USER or ALTER USER statement with POLADMIN specified.

openGauss=# CREATE USER poladmin WITH POLADMIN password "xxxxxxxxxxx";

or

openGauss=# ALTER USER joe POLADMIN;

The ALTER USER statement can be run only for a user that already exists.
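
The following query is an added example, not part of the original documentation. It reviews which accounts hold the administrator attributes described above and how many each one combines, which helps check separation of duties. It assumes the PG_ROLES system view exposes the rolsuper, rolsystemadmin, rolmonitoradmin, roloperatoradmin and rolpolicyadmin columns, as it does in openGauss; the output column aliases are chosen here for readability.

```sql
-- Added example: list every account that holds an administrator attribute.
-- Assumption: PG_ROLES provides the rol* columns used below (as in openGauss).
SELECT rolname,
       rolsuper         AS is_initial_user,   -- bypasses all permission checks
       rolsystemadmin   AS has_sysadmin,
       rolmonitoradmin  AS has_monadmin,
       roloperatoradmin AS has_opradmin,
       rolpolicyadmin   AS has_poladmin,
       rolcanlogin      AS can_log_in,
       -- Number of administrator attributes combined in one account;
       -- values above 1 deserve a review against separation of duties.
       (CASE WHEN rolsystemadmin   THEN 1 ELSE 0 END
      + CASE WHEN rolmonitoradmin  THEN 1 ELSE 0 END
      + CASE WHEN roloperatoradmin THEN 1 ELSE 0 END
      + CASE WHEN rolpolicyadmin   THEN 1 ELSE 0 END) AS admin_attr_count
FROM pg_roles
WHERE rolsuper
   OR rolsystemadmin
   OR rolmonitoradmin
   OR roloperatoradmin
   OR rolpolicyadmin
ORDER BY admin_attr_count DESC, rolname;
```

The initial user is expected to appear in the result; any other row should correspond to an account that was deliberately granted the attribute with CREATE USER or ALTER USER.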

Logical Cluster Administrator

Compared with common users, users in the logical cluster administrator role have the following additional permissions: (The current feature is a lab feature. Contact Huawei engineers for technical support before using it.)

  • Create, modify, and delete resource pools in the associated logical cluster. (The current feature is a lab feature. Contact Huawei engineers for technical support before using it.)
  • Grant the access permission on the associated logical cluster to other users or roles, or revoke the access permission from those users or roles.

For details about logical cluster user and permission management, see section "Logical Cluster Management > Managing Users and Permissions in a Logical Cluster" in the Administrator Guide.