Updated on 2024-05-07 GMT+08:00

Users

You can use CREATE USER and ALTER USER to create and manage database users, respectively. A database cluster can have one or more databases. Users and roles are shared across the entire cluster, but their data is not shared. That is, a user can connect to any database, but after the connection succeeds, the user can access only the database declared in the connection request.

In modes other than separation of duties, GaussDB user accounts can be created and deleted only by a system administrator or a security administrator with the CREATEROLE attribute. In separation-of-duties mode, a user account can be created only by an initial user or a security administrator.

When a user logs in, GaussDB authenticates the user. A user can own databases and database objects (such as tables), and grant permissions on these objects to other users and roles. In addition to system administrators, users with the CREATEDB attribute can create databases and grant permissions on these databases.

Adding, Modifying, and Deleting Users

  • To create a user, use the SQL statement CREATE USER.
    For example, create user joe and set the CREATEDB attribute for the user.
    gaussdb=# CREATE USER joe WITH CREATEDB PASSWORD "*******";
    CREATE ROLE
    
  • To create a system administrator, use the CREATE USER statement with the SYSADMIN option.
  • To delete an existing user, use DROP USER.
  • To change a user account (for example, rename the user or change the password), use ALTER USER.
  • To view a user list, query the PG_USER view.
    gaussdb=# SELECT * FROM pg_user;
    
  • To view user attributes, query the PG_AUTHID system catalog.
    gaussdb=# SELECT * FROM pg_authid;
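
The statements in the list above, put together as a least-privilege review of user joe. This is an added example, not taken from the GaussDB documentation. It assumes the pg_authid columns rolname, rolcanlogin, rolcreatedb, rolcreaterole, rolsystemadmin and rolpassword (confirm with \d pg_authid), and the passwords are placeholders.

```sql
-- Added example. Column names are assumptions; verify them with \d pg_authid.

-- 1. List login-capable accounts that hold an elevated attribute.
--    Naming the columns (instead of SELECT *) keeps rolpassword, the stored
--    password hash, out of terminal scrollback and query logs.
SELECT rolname,
       rolsystemadmin AS is_sysadmin,
       rolcreaterole  AS can_create_role,
       rolcreatedb    AS can_create_db
FROM   pg_authid
WHERE  rolcanlogin
  AND  (rolsystemadmin OR rolcreaterole OR rolcreatedb)
ORDER  BY rolsystemadmin DESC, rolname;

-- 2. joe no longer needs to create databases: remove the attribute
--    that was granted by CREATE USER joe WITH CREATEDB.
ALTER USER joe NOCREATEDB;

-- 3. Confirm the change for that one account (expect rolcreatedb = f).
SELECT rolname, rolcreatedb
FROM   pg_authid
WHERE  rolname = 'joe';

-- 4. Rotate joe's password. Both values are placeholders.
ALTER USER joe IDENTIFIED BY "<new-password>" REPLACE "<old-password>";

-- 5. Rename the account, then remove it once it is no longer needed.
--    DROP USER is refused while the user still owns objects; transfer or
--    drop those objects first, or review them and use DROP USER ... CASCADE.
ALTER USER joe RENAME TO joe_retired;
DROP USER joe_retired;
```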
    

Permanent User

GaussDB provides a permanent user solution. You can create a permanent user with the PERSISTENCE attribute. Such a user can connect to the database through the service_reserved_connections channel.

service_reserved_connections indicates the minimum number of connections reserved for users with the PERSISTENCE attribute. You are advised not to set this parameter to a large value.

gaussdb=# CREATE USER user_persistence WITH PERSISTENCE IDENTIFIED BY "********";

Only the initial user is allowed to create, modify, and delete permanent users with the PERSISTENCE attribute.