Security management is essential to databases. OceanBase Database provides special security management policies to protect data and resources. The security management policies include resource isolation and privilege control. Resource isolation restricts access to data, ensuring resource security. Privilege control lets you set access privileges for shared data, ensuring data security.
Manage account privileges
You can set user privileges in the RAM console.
Log on to the RAM console. In the left-side navigation pane, click Policy Management. On the page that appears, click Create Policy.
On the Create Policy page, specify Policy Name, select Script, and create privilege policies for RAM users.
In the left-side navigation pane, click Users. On the page that appears, search for the user to whom you want to add privileges.
On the user details page, click Privileges.
On the Personal Privileges tab, click Add Privilege.
In the dialog box that appears on the right, click Custom Policy, select the created policy, and then click OK.
Manage user privileges
OceanBase Database allows you to create and delete users, change passwords, change usernames, lock users, grant privileges to users, and revoke privileges from users.
Users in the same tenant have unique names and have access only to objects in the tenant. The privileges for the users are compatible with those of MySQL and can be classified into the following levels:
Global: Privileges at this level apply to all databases. You can use the GRANT ALL ON *.* statement to grant global privileges.
Database level: Privileges at this level apply to all objects in a specified database. You can use the GRANT ALL ON db_name.* statement to grant database privileges.
Table level: Privileges at this level apply to all columns in a specified table. You can use the GRANT ALL ON db_name.tbl_name statement to grant table privileges.
The following table describes the privileges.
| Privilege | Description |
| --- | --- |
| ALL PRIVILEGES | All privileges except GRANT OPTION. |
| ALTER | The ALTER TABLE privilege. |
| CREATE | The CREATE TABLE privilege. |
| CREATE USER | The CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES privileges. |
| CREATE TABLEGROUP | The global CREATE TABLEGROUP privilege. |
| DELETE | The DELETE privilege. |
| DROP | The DROP privilege. |
| GRANT OPTION | The GRANT OPTION privilege. |
| INSERT | The INSERT privilege. |
| SELECT | The SELECT privilege. |
| UPDATE | The UPDATE privilege. |
| SUPER | The SET GLOBAL privilege for modifying global system parameters. |
| SHOW DATABASES | The global SHOW DATABASES privilege. |
| INDEX | The CREATE INDEX and DROP INDEX privileges. |
| CREATE VIEW | The privilege to create and drop views. |
| SHOW VIEW | The SHOW CREATE VIEW privilege. |
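
The three privilege levels described above, applied to a least-privilege setup in MySQL-compatible syntax. This is an added example, not taken from the OceanBase documentation; the database `shop`, the table `orders`, the user names, and the passwords are hypothetical placeholders.

```sql
-- Added example: shop, orders, app_rw, report_ro, ops_admin and the
-- passwords are hypothetical placeholders.

-- Over-broad: a single global grant would give the application account
-- every privilege (except GRANT OPTION) on every database in the tenant.
-- GRANT ALL ON *.* TO 'app_rw';

-- Scoped alternative: one account per role, each granted at the
-- narrowest level that still lets it do its job.
CREATE USER 'app_rw'    IDENTIFIED BY '<app-password>';
CREATE USER 'report_ro' IDENTIFIED BY '<report-password>';
CREATE USER 'ops_admin' IDENTIFIED BY '<admin-password>';

-- Table level: the application reads and writes a single table.
GRANT SELECT, INSERT, UPDATE ON shop.orders TO 'app_rw';

-- Database level: reporting can read every object in one database
-- and cannot modify anything.
GRANT SELECT ON shop.* TO 'report_ro';

-- Global level: reserved for the administrator account.
GRANT ALL ON *.* TO 'ops_admin';

-- Review what each account actually holds. A line ending in ON *.*
-- is a global grant and deserves the closest scrutiny.
SHOW GRANTS FOR 'app_rw';
SHOW GRANTS FOR 'report_ro';
SHOW GRANTS FOR 'ops_admin';

-- Tighten a grant when a requirement goes away.
REVOKE UPDATE ON shop.orders FROM 'app_rw';

-- Lock an account that is no longer in use instead of leaving it active.
ALTER USER 'report_ro' ACCOUNT LOCK;
```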