LOGIN
permission; for example:CREATE role jsmith with LOGIN;
LOGIN
permission is created, who can connect to databases. In addition to LOGIN
, CDWPG also has the following permissions to manage user access, which can be granted during role creation with the CREATE ROLE
statement.Permission Value | Purpose | Default Value |
SUPERUSER Ι NOSUPERUSER | Superuser permission. Only superusers can create other superusers | NOSUPERUSER |
CREATEDB Ι NOCREATEDB | Creates databases | NOCREATEDB |
CREATEROLE Ι NOCREATEROLE | Creates and manages roles | NOCREATEROLE |
INHERIT Ι NOINHERIT | Determines the permissions a user inherits from the group to which the user belongs | INHERIT |
LOGIN Ι NOLOGIN | Connects to databases, which is granted to users but not groups | NOLOGIN |
CONNECTION LIMIT | Limits the number of concurrent connections to a database. –1 means no limit | –1 |
CREATEEXTTABLE Ι NOCREATEEXTTABLE | Creates external tables | NOCREATEEXTTABLE |
PASSWORD | Sets the password during user creation | None |
VALID UNTIL 'timestamp' | Password expiration time | None |
RESOURCE QUEUE 'name' | The name of the resource queue to which the created query is scheduled after a user establishes a connection | pg_default |
ALTER ROLE
syntax as shown below:ALTER role jsmith with CREATEROLE;
LOGIN
permission but a combination of permissions that are frequently used together. In this way, permissions can be granted to or revoked from a user as a whole.Create role, Create DB, Cannot login;
GRANT TO
or REVOKE FROM
statement respectively. Users added to the group will inherit the group's permissions.GRANT TO
statement: jsmith
user belongs to the manager
group.REVOKE FROM
statement: jsmith
user no longer belongs to the manager
group.GRANT INSERT ON test TO jsmith;
INSERT
permission of test
to the jsmith
user with the above statement and revoke it with REVOKE FROM
.REASSIGN OWNED
statement as shown below:SET ROLE jsmith; // Switch to the `jsmith` user.CREATE TABLE jsmithtest (age int, id int); // Create a tableSET ROLE gpadmincloud; // Switch back to the superuserreassign owned by jsmith to lambuser; // Transfer all the objects owned by `jsmith` to `lambuser`
jsmith
to lambuser
.
Was this page helpful?