Lindorm allows you to manage users and their permissions. You can add users, delete users, grant users read or write permissions, and revoke permissions from users in the cluster management system of LindormTable.
Prerequisites
You are logged on to the cluster management system of your Lindorm instance. For more information, see Log on to the cluster management system.
Create or delete a user
Create a user
In the left-side navigation pane of the cluster management system, choose
On the right side of the page, click + Add user.
In the Add user dialog box, enter the Username and Password.
Click OK.
After you create a user, the password of the user cannot be viewed in the system. If you forget the password, you must change the password.
No permissions are granted to a user when the user is created. You must manually grant permissions to the user. For more information, see Grant and revoke permissions.
Delete a user
Find the user that you want to delete. Click Delete in the Operation column.
Click OK.
Change the password of a user
Click Change password in the Operation column corresponding to the user whose password you want to change.
In the Change password dialog box, specify the New password.
Click OK.
Permission management
You can grant permissions to or revoke permissions from a user in the cluster management system.
Permission levels
The following permission levels from high to low are defined to control access to Lindorm instances and the relevant resources: Global, Database (Namespace), and Table. A higher level provides all permissions that are provided by a lower level.
For example, if User 1 is granted the global read and write permissions, User 1 has the read and write permissions on wide tables in all databases in a Lindorm cluster. If User 2 is granted the read and write permissions on Database 1, User 2 has the read and write permissions on all tables in Database 1, including newly created tables in Database 1.
Permissions
The following table describes the supported permissions and the syntaxes that you can execute with the corresponding permissions.
Permission | Description | Syntax |
WRITE | Operations related to writing data to tables in Lindorm. | PUT, BATCH, DELETE, INCREMENT, APPEND, and CHECKANDMUTATE |
READ | Operations related to reading data from tables in Lindorm. | GET, SCAN, and EXIST |
READ | Operations related to reading the descriptor and namespace information of tables in ApsaraDB for Lindorm. | GETTABLEDESCRIPTOR, LISTTABLES, and LISTNAMESPACEDESCRIPTORS |
ADMIN | Data Definition Language (DDL) operations other than those related to deleting tables or table data. | CREATETABLE, ENABLETABLE, and DISABLETABLE |
ADMIN | DDL operations related to namespaces. | CREATENAMESPACE |
TRASH | Operations that can prevent users from accidentally deleting tables or table data. | TRUNCATETABLE and DELETETABLE |
SYSTEM | O&M operations. Data migration and synchronization operations performed by using LTS. | COMPACT and FLUSH |
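The level inheritance and the permission-to-operation mapping described above can be modelled in a few lines to check what a given set of grants actually allows. This is an added example, not Lindorm code or an official API; the grant tuple layout, the user, database and table names, and the `broad_risky_grants` review rule are assumptions made for illustration.

```python
# Added model of the rules on this page; not Lindorm's implementation.
# Operation -> required permission, taken from the permissions table.
REQUIRED = {
    op: perm
    for perm, ops in {
        "WRITE": "PUT BATCH DELETE INCREMENT APPEND CHECKANDMUTATE",
        "READ": "GET SCAN EXIST GETTABLEDESCRIPTOR LISTTABLES LISTNAMESPACEDESCRIPTORS",
        "ADMIN": "CREATETABLE ENABLETABLE DISABLETABLE CREATENAMESPACE",
        "TRASH": "TRUNCATETABLE DELETETABLE",
        "SYSTEM": "COMPACT FLUSH",
    }.items()
    for op in ops.split()
}

# Hypothetical grant layout: (user, namespace, table, permission).
# namespace=None -> Global; table=None -> Database (Namespace); else Table.
GRANTS = [  # constructed sample data
    ("user1", None, None, "READ"),
    ("user1", None, None, "WRITE"),
    ("user2", "db1", None, "READ"),
    ("user2", "db1", None, "WRITE"),
    ("user3", "db1", "orders", "READ"),
    ("ops", None, None, "TRASH"),
]

def covers(grant_ns, grant_table, namespace, table):
    """True if a grant at its level applies to namespace.table."""
    if grant_ns is None:            # Global covers every database and table
        return True
    if grant_ns != namespace:
        return False
    return grant_table is None or grant_table == table  # Database or exact Table

def effective(user, namespace, table, grants=GRANTS):
    """Permissions held on namespace.table, including inherited ones."""
    return {p for u, ns, t, p in grants
            if u == user and covers(ns, t, namespace, table)}

def is_allowed(user, op, namespace, table, grants=GRANTS):
    """A user with no matching grant gets nothing (new users start empty)."""
    return REQUIRED[op.upper()] in effective(user, namespace, table, grants)

def broad_risky_grants(grants=GRANTS, risky=("ADMIN", "TRASH", "SYSTEM")):
    """Review rule (assumption): DDL, deletion or O&M rights above Table level."""
    return [g for g in grants if g[2] is None and g[3] in risky]

if __name__ == "__main__":
    print(is_allowed("user2", "PUT", "db1", "created_later"))   # inherited from db1
    print(is_allowed("user1", "DELETETABLE", "db1", "orders"))  # needs TRASH
```

In this model, global READ and WRITE permit DELETE on rows but not DELETETABLE, because table deletion is gated by the separate TRASH permission.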
Grant and revoke permissions
Click More in the Operation column corresponding to the user.
Select the operation that you want to perform from the drop-down list.
Grant permissions: You can grant the global, namespace, or table permission to the user.
Revoke permissions: You can revoke the global, namespace, or table permission from the user.
In the dialog box that appears, select or deselect the permissions and related information.
Click OK.