This topic describes the schema-level permission model (SLPM) in Hologres.
Background information
Hologres is compatible with PostgreSQL and allows you to use the standard PostgreSQL authorization model. For more information, see Standard PostgreSQL authorization model. In the standard PostgreSQL authorization model, permissions are managed in a fine-grained manner. To simplify operations, Hologres provides the following simple permission models for different business scenarios:
Simple permission model (SPM): allows you to grant a user database-level permissions with ease. For more information, see SPM.
SLPM: divides permissions based on schemas. Compared with SPM, SLPM manages permissions at a finer grain than SPM. If you want to divide permissions in a strict manner and grant permissions with ease, we recommend that you use the SLPM model.
NoteIn the Hologres console, you cannot grant user permissions by using SLPM. You must use a development tool to connect to a Hologres instance and execute SQL statements to grant permissions.
User groups and permissions in SLPM
After you enable SLPM, the following user groups with different permissions are generated for each database:
Superuser
{db}.admin
{db}.{schema}.developer
{db}.{schema}.writer
{db}.{schema}.viewer
The following table describes the permissions of each user group.
User group | Permissions |
Superuser | Serves as an administrator of a Hologres instance and has all permissions on the instance. |
{db}.admin |
|
{db}.{schema}.developer |
|
{db}.{schema}.writer |
|
{db}.{schema}.viewer |
|