Separation of Database Access Permissions
In GaussDB(DWS), you can isolate workloads through database and schema configurations. Their differences are as follows:
- Databases cannot communicate with each other and share very few resources. Their connections and permissions can be isolated.
- Schemas share more resources than databases do. User permissions on schemas and subordinate objects can be flexibly configured using the GRANT and REVOKE syntax.
You are advised to use schemas to isolate services for convenience and resource sharing purposes. It is recommended that system administrators create schemas and databases and then assign required permissions to users.
- Each database has one or more schemas. Each schema contains various types of objects, such as tables, views, and functions.
- To access an object at the bottom layer, a user must be granted the permission on the object at the upper layer.
- To create or delete a schema, you must have the CREATE permission for its database.
- To access table1 in a schema, a user must be granted the CONNECT permission for its database, the USAGE permission of the schema, and the SELECT permission of table1.
For details, see How Does GaussDB(DWS) Implement Workload Isolation?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot