Updated on 2023-12-13 GMT+08:00

Role Management

This section describes how to create one or more roles and grant different permissions to each role.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and project.
  3. Click in the upper left corner, and under Databases, click Data Admin Service.
  4. In the navigation pane on the left, choose Development Tool.

    You can also click Go to Development Tool on the overview page.

  5. Locate the DB instance that you want to log in to and click Log In in the Operation column.
  6. On the top menu bar, choose Account Management > Role Management.
  7. On the role management page, click Create Role in the upper left corner.
  8. On the Basic Information tab page, enter a role name (mandatory), set a password, and confirm the password.

    You can select a role name from role members to grant permissions of an existing role to the current role.

    Figure 1 Creating a role

    If no password is set for the role (for example, role_03) or Allow Login is not selected for the role, role_03 cannot be used to log in to the database. If the permissions of role_03 are assigned to another role (for example, test_02), test_02 will have all the permissions of role_03.

  9. (Optional) On the Data Permissions tab page, click Add. In the displayed dialog box, specify details such as the resource type, keyspace name, and permissions as required, confirm the settings, and click OK.
  10. (Optional) On the Role Permissions tab page, click Add. On the displayed page, specify a resource type, role name, and permissions as required, confirm the settings, and click OK.
  11. After setting required parameters, click Save. In the preview dialog box, click OK.
  12. On the role management page, edit, rename, and delete an existing role as required.

    • admin, monitor, backupuser, and rwuser are system roles and cannot be edited or deleted.
    • Deleted roles cannot be recovered. Exercise caution when performing this operation.