All Products
Search
Document Center

Hologres:User management

最終更新日:Mar 27, 2024

In the Hologres console, you can click Account Management on the Instance Details page to go to the User Management page in the HoloWeb console. On the User Management page, you can add users to your Hologres instance, delete users from your Hologres instance, and grant permissions to users. You can manage users on the User Management page in a visualized manner.

By default, the Alibaba Cloud account that is used to purchase a Hologres instance is the superuser of the instance and has all permissions on the Hologres instance. Before you add other users, only the Alibaba Cloud account is displayed on the User Management page. The following table describes the items displayed on the User Management page.

Item

Description

Members

The name of the user in the instance. The value can be the name of an Alibaba Cloud account, a RAM user, or a custom account.

Account ID

The ID of the user in the instance.

Examples:

  • Alibaba Cloud account: 11822780xxx

  • RAM user: p4_269499383xxxx

  • Custom account: BASIC$xxx

Account Type

The account type of the user in the instance. Valid values:

  • Aliyun Account (ALIYUN)

  • RAM User (RAM)

  • Basic User (BASIC)

Role Type

The role assigned to the user in the instance. Valid values:

  • Superuser

  • Normal

Operation

The operation that you can perform on the user in the instance. You can click Delete in the Operation column to delete the user from the instance. After the user is deleted, the user has no permissions on the instance.

Limits

By default, you cannot use a custom account to query data in MaxCompute by using foreign tables. If you want to query MaxCompute data by using a custom account, you must configure user mappings. For more information, see FAQ.

Add a user

This section describes how to add a user to a Hologres instance on the User Management page in a visualized manner.

  1. In the upper part of the User Management page, select the desired instance from the Instance Name drop-down list. In the upper-right corner of the User Management page, click Add New User.

  2. In the Add New User dialog box, select a RAM user in your Alibaba Cloud account and set the Select Member Role parameter to Examples of the Super Administrator (SuperUser) or Ordinary user.新增用户

    Note
    • If no RAM user exists in your Alibaba Cloud account, create a RAM user. For more information, see Grant permissions to a RAM user.

    • In Hologres, you can add users by using an Alibaba Cloud account or a RAM user that is assigned the superuser role of the instance. The RAM user must be granted the permissions specified in the AliyunRAMReadOnlyAccess policy. For more information, see Grant permissions to a RAM user.

    • Examples of the Super Administrator (SuperUser): The superuser of a Hologres instance has all permissions on the instance. If the superuser role is assigned to a RAM user, no further authorization is required for the RAM user.

    • Ordinary User: Regular users created in a Hologres instance have no query or management permissions on the objects in the instance. The objects include databases, schemas, and tables. Regular users must obtain required permissions before they can query or manage the objects in the instance.

      We recommend that you grant permissions to a user in a visualized manner. For more information, see the "Grant permissions to a user" section in Manage databases. You can also execute SQL statements to grant permissions to a user. For more information, see Grant permissions to a RAM user.

Delete a user

In the upper part of the User Management page, select the desired instance from the Instance Name drop-down list. Find the user that you want to delete and click Delete in the Operation column. In the Delete User message, click OK. After the user is deleted from the instance, the user has no permissions on the instance.

Create a custom account

  • Use the console

    You can create a custom account for a Hologres instance on the User Management page in a visualized manner.

    1. In the upper part of the User Management page, select the desired instance from the Instance Name drop-down list. In the upper-right corner of the User Management page, click Create Basic User.

    2. In the Create Basic User dialog box, configure the parameters described in the following table.创建自定义用户

      Parameter

      Description

      Account Name

      The name of the custom account. The name can be up to 57 characters in length and can contain lowercase letters, digits, and underscores (_).

      Select Member Role

      The account type. Valid values:

      • Examples of the Super Administrator (SuperUser): The superuser of a Hologres instance has all permissions on the instance. If the superuser role is assigned to a RAM user, no further authorization is required for the RAM user.

      • Ordinary User: Regular users created in a Hologres instance have no query or management permissions on the objects in the instance. The objects include databases, schemas, and tables. Regular users must obtain required permissions before they can query or manage the objects in the instance.

      Password

      The password for the custom account. The password must meet the following requirements:

      • The password contains at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.

      • The password must be 8 to 32 characters in length.

      • The password can contain the following special characters ! @#$%^&*()_+-=.

      Confirm Password

      Enter the password again.

    3. Click OK.

  • Use SQL statements

    create user "BASIC$<user_name>" with password '<password>';

    In the preceding statement, replace user_name with the name of the custom account that you want to create and password with the password of the custom account.

Other operations

  • Change the password of a custom account

    Note

    You can change passwords of only custom accounts. The AccessKey pairs of the Alibaba Cloud account and RAM users are automatically generated.

    You can use one of the following methods to change the password of a custom user:

    • Use the console

      1. On the User Management page, click the User Account Authorization tab, find the custom account whose password you want to change, and then click Reset Password in the Operation column.

      2. In the Reset Password dialog box, configure the Password and Confirm Password parameters, and click OK.

    • Use SQL statements

      alter user "BASIC$<user_name>" with password '<password>';

      In the preceding statement, replace user_name with the name of the custom account for which you want to change the password and password with the new password.

  • Delete a custom account

    You can use one of the following methods to delete a custom account:

    • Use the console

      1. On the User Management page, click the User Account Authorization tab, find the custom account that you want to delete, and then click Delete in the Operation column.

      2. In the Delete User message, click OK.

    • Use SQL statements

      drop user "BASIC$<user_name>";

      In the preceding statement, replace user_name with the name of the custom account that you want to delete.

Common errors and troubleshooting

  • Problem description

    When I use a custom account to access data in MaxCompute by using foreign tables, the following error message is reported:

    ERROR:  Query:[xxxxxx] Build desc failed: failed to check permission: Authorization Failed [4002], You don't exist in project hologres_test. Context ID:xxxxxx-xxxx-xxxx-xxxx-xxxxxxx.    --->Tips: Pricipal:INVALID$BASIC$xxx; You don't exist in project xxx
  • Cause

    By default, custom accounts are created within Hologres and cannot be used to access MaxCompute foreign tables.

  • Solution

    Configure a user mapping between the custom account and a RAM user that has permissions to access MaxCompute projects and Hologres internal tables.

    • Syntax

      CREATE USER MAPPING
      FOR "<user_name>"
      SERVER odps_server
      OPTIONS
      (
          access_id '<Access_id>',
          access_key '<Access_key>'
      );
    • Parameter description

      Parameter

      Description

      user_name

      The name of the custom account.

      Access_id

      The AccessKey ID of the account that is used to log on to the Hologres database.

      You can obtain the AccessKey ID from the Security Management page.

      Access_key

      The AccessKey secret of the account that is used to log on to the Hologres database.

      You can obtain the AccessKey secret from the Security Management page.

    • Examples

      -- Execute the CREATE USER MAPPING statement for the user named BASIC$test.
      CREATE USER MAPPING
      FOR "BASIC$test"
      SERVER odps_server
      OPTIONS (
        access_id 'LTxxxxxxxxxx',
        access_key 'y8xxxxxxxxxxxxx');
      
      -- Execute the CREATE USER MAPPING statement for the current user.
      CREATE USER MAPPING
      FOR CURRENT_USER
      SERVER odps_server
      OPTIONS (
        access_id 'LTxxxxxxxxxx',
        access_key 'y8xxxxxxxxxxxxx');