Help Center/ GaussDB(for MySQL)/ User Guide/ Permissions Management/ Creating a User and Granting GaussDB(for MySQL) Permissions
Updated on 2024-11-06 GMT+08:00

Creating a User and Granting GaussDB(for MySQL) Permissions

This section describes how to use IAM for fine-grained permissions control over your GaussDB(for MySQL) resources. With IAM, you can:

  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing GaussDB(for MySQL) resources.
  • Grant only the permissions required for users to perform specific tasks.
  • Entrust a cloud service account to perform efficient O&M on your GaussDB(for MySQL) resources.

If your account does not require individual IAM users, skip this section.

Figure 1 describes the procedure for granting permissions.

Prerequisites

Learn about the permissions (see system-defined policies) supported by GaussDB(for MySQL) and choose policies or roles according to your requirements. For the permissions of other services, see System Permissions.

Process Flow

Figure 1 Process for granting GaussDB(for MySQL) permissions
  1. Create a user group and assign permissions to it.

    Create a user group on the IAM console, and attach the GaussDB(for MySQL) GaussDB FullAccess policy to the group.

    To use some functions of other services, you need to configure the GaussDB(for MySQL) FullAccess permission and the permission of the corresponding services. For example, when using DAS to connect to a DB instance, you need to configure the GaussDB FullAccess and DAS FullAccess permissions.

  2. Create an IAM user.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in and verify permissions.

    Log in to the GaussDB(for MySQL) console using the created user, and verify that the user only has read permissions for GaussDB(for MySQL).

    Choose Service List > GaussDB(for MySQL) and click Buy DB Instance. If you can buy an instance, the required permission policy has already been applied.