本文介绍不同的自建数据库引擎在为数据库自治服务DAS授权账号时,需要具备的最小权限;如果不满足最小权限,DAS的连通测试将返回权限不足。
说明
本文以账号名为das_test,密码为password进行举例说明,请根据实际情况进行替换。
自建MySQL
创建账号并授权:
CREATE USER 'das_test'@'%' IDENTIFIED BY 'password';
GRANT SHOW DATABASES, PROCESS, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'das_test'@'%';
GRANT SELECT ON *.* TO 'das_test'@'%';自建PostgreSQL
创建账号并授权:
CREATE USER das_test PASSWORD 'password';
GRANT SELECT ON ALL TABLES IN SCHEMA PUBLIC TO das_test;
/* 可选执行,用于采集慢日志和SQL */
ALTER USER das_test WITH SUPERUSER;自建MongoDB
创建账号并授权:
use admin;
db.createUser({user:'das_test',pwd:'password',roles:[{role:'readAnyDatabase', db:'admin'}, {role:'clusterMonitor', db:'admin'}, {role: 'hostManager', db: 'admin'},{db: 'local', role: 'dbAdmin'},{db: 'config', role: 'dbAdmin'},{db: 'admin', role: 'dbAdminAnyDatabase'}]});