Updated on 2024-11-29 GMT+08:00

Creating a User and Allocating Permissions

Prerequisites

  • Users and permissions have been planned.
  • You have created a user who has been assigned a role with the MOTService user edit permission.

Creating an MOTService Role

  1. Log in to FusionInsight Manager.
  2. Choose System > Permission > Role.
  3. On the displayed page, click Create Role and specify Role Name and Description.
  4. Set permissions in the Configure Resource Permission table. MOTService permission types are as follows:

    • MOTService user edit permission: the highest-level permission, which can be used to create and modify MOTService users.
    • MOTService user viewing permission: the permission to view information about MOTService users.
    Table 1 Configuring a role

    | Task Scenario | Role Authorization |
    |---|---|
    | Configure the MOTService user edit permission. | In the Configure Resource Permission table, choose Name of the desired cluster > MOTService > Mot User Privileges and select Edit. Users with the Edit permission also have the View permission by default. |
    | Configure the MOTService user viewing permission. | In the Configure Resource Permission table, choose Name of the desired cluster > MOTService > Mot User Privileges and select View. |

  5. Click OK.

Creating a User with the Permission to Manage MOTService Users

  1. Log in to FusionInsight Manager.
  2. Choose System > Permission > User. On the page displayed, click Create.
  3. Enter a username, for example, motAdmin.
  4. Set User Type to Human-Machine.
  5. Configure Password and Confirm Password.
  6. Retain the default values for User Group and Primary Group or add them as needed.
  7. In the Role area, click Add to bind default, System_administrator, and roles with the MOTService user edit permission to the user.
  8. Click OK.

Creating a MOTService User

Method 1: On FusionInsight Manager, choose MOTService > User Management to create a user.

  1. Log in to FusionInsight Manager as a user who has the MOTService user management permission (for example, motAdmin), and choose Cluster > Services > MOTService. On the page displayed, click User Management.
  2. Click Create User, enter the user name and password, and select a user type. For details about user types, see Table 1.

    • System administrator: has the highest-level database permissions, that is, has full system and object permissions.
    • Common user: can access the default system tables and views (except pg_authid, pg_largeobject, pg_user_status, and pg_auth_history), connect to the default database postgres, and use objects in the public schema.

  3. Click OK.

    A maximum of 20 users can be created. After a user is created, you can modify the user type and password. However, you cannot modify both the user type and the password at the same time.

Method 2: Log in to the node to create a user.

  1. Log in to FusionInsight Manager, choose Cluster > Services > MOTService, click Instance, and view and record the service IP address of the MOTServer(Active) instance.
  2. Log in to the active MOTService node as user omm and run the following command to load the environment variables:

    source ${MOTSERVER_HOME}/.motservice_profile

  3. Run the following command to connect to the MOTService database and enter the password of user omm:

    gsql -d postgres -p 20105

    Contact the system administrator to obtain the password of user omm for the MOTService database.

  4. Create a user and grant permissions to the user.

    1. Create a user and grant system permissions to the user.

      For example, to create a user with database permissions, run the following command:

      CREATE USER joe WITH CREATEDB PASSWORD "password";

    2. Grant object permissions to a user. For details about the syntax, see "GRANT" and "REVOKE" in the syntax manual.

      For example, to grant the select permission on the hr.staffs table to the user joe, run the following command:

      GRANT SELECT ON TABLE hr.staffs to joe;

    3. Grant object permissions to a role. For details about the syntax, see "GRANT" and "REVOKE" in the syntax manual.

      For example, to grant the select permission on the hr.staffs table to the role lily, run the following commands:

      CREATE ROLE lily WITH CREATEDB PASSWORD "password";

      GRANT SELECT ON TABLE hr.staffs to lily;

    4. Grant the permissions of a role to a user. For details about the syntax, see "GRANT" and "REVOKE" in the syntax manual.

      For example, to grant the permissions of the role lily to the user joe, run the following command:

      GRANT lily to joe;

      All permissions (except system permissions) of a role can be granted to users.
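
The grants made in step 4 can be reviewed afterwards from the same gsql session. The following SQL is an added example, not part of the original procedure; it assumes MOTService exposes the PostgreSQL-style pg_roles and pg_auth_members catalogs and the has_table_privilege() function, and it reuses joe, lily and hr.staffs from the examples above.

```sql
-- Added example: run in gsql as an administrator (for example, omm).
-- Assumption: the PostgreSQL-style catalogs pg_roles and pg_auth_members and
-- the function has_table_privilege() are available in MOTService.

-- 1. System permissions are attributes of each account. They are not passed
--    on by GRANT lily TO joe, so review them per account.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolcanlogin
FROM pg_roles
WHERE rolname IN ('joe', 'lily');

-- 2. Role membership: which roles joe holds, and whether joe may grant
--    them on to other accounts (admin_option).
SELECT r.rolname AS role_name,
       m.rolname AS member_name,
       a.admin_option
FROM pg_auth_members a
JOIN pg_roles r ON r.oid = a.roleid
JOIN pg_roles m ON m.oid = a.member
WHERE m.rolname = 'joe';

-- 3. Effective object permissions of joe on hr.staffs, including those
--    obtained through role membership. Compare the result with the
--    permissions that were planned for this user.
SELECT has_table_privilege('joe', 'hr.staffs', 'SELECT') AS can_select,
       has_table_privilege('joe', 'hr.staffs', 'INSERT') AS can_insert,
       has_table_privilege('joe', 'hr.staffs', 'UPDATE') AS can_update,
       has_table_privilege('joe', 'hr.staffs', 'DELETE') AS can_delete;

-- 4. Withdraw access that the review shows is no longer needed.
REVOKE lily FROM joe;
REVOKE SELECT ON TABLE hr.staffs FROM joe;
```

Run queries 1 to 3 again after step 4 of the example to confirm that the revocation took effect.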