Lädt...


🔧 GBase 8s Database User Management: Guide to Creating and Granting Permissions


Nachrichtenbereich: 🔧 Programmierung
🔗 Quelle: dev.to

Database security and user management are critical components in safeguarding enterprise data assets. GBase 8s database provides a comprehensive user creation and authorization mechanism to ensure the security and compliance of data operations. This article provides a detailed guide on how to create users, grant permissions, and manage user passwords in GBase 8s, offering database administrators a thorough operational manual.

1. Steps to Add a User

1) Switch Database User

  • Log in to the database server and switch to the database user gbasedbt
  • Command: su - gbasedbt

2) Check Database Status

  • Ensure the database is running (the standby node will prompt initialization)
  • Command: onstat -
  • Expected result: On-Line status

Image description

3) Modify Database Configuration Parameters

(The prerequisite database is enabled by default, this step is for verification)

  • Online modification of the USERMAPPING parameter
  • Command: onmode -wf USERMAPPING=ADMIN (For the standby node, manually modify the /home/gbasedbt/gbase/etc/onconfig.gbaseserver file using vi, find the USERMAPPING parameter, and change it to ADMIN, then save and exit)

Image description

4) Confirm Parameter Modification

  • Command: onstat -m
  • Expected result:

Image description

5) Create a New Operating System User

  • Command: useradd test1 and specify the database user password using passwd
  • (Use the root user to create)

6) Log in to the Database to Create User

  • Switch to gbasedbt user and execute the dbaccess command
  • Expected result:

Image description

7) Select Database

  • Press Enter to list all databases and select the database to be authorized, such as baidulast

Image description

8) Create Database User

  • Command: create user test1 with password "test1" (password should match the OS passwd password)
  • After entering, press ESC, then run the command

Image description

9) Execute SQL to Create the User

  • Command: create user test1 with password "test1" (Ensure that the password set here matches the system passwd setting. By default, the database user password is based on the system passwd password).

Image description

  • After entering, press ESC to enter the following page:

Image description

  • The cursor will automatically stop at the Run option. Press Enter directly. If successful, the following screenshot will be shown with a prompt at the bottom:

Image description

10) Grant Database Permissions

  • Move the cursor to the New option, press Enter, and input the authorization SQL
  • Command: grant dba to test1

Image description

  • After entering, press ESC, then run the command, it this be shown after the authorization is successful:

Image description

11) Single Node Database User Creation and Authorization Completed
- Subsequent configuration for the standby node is required
- Add OS user in the same way, refer to Step 5
- Modify the standby node configuration file, refer to Step 3

12) Revoke Permissions
- Command: revoke dba from test1
- Enter the interactive mode in the same way

2. Change Password

  • Use the root user to execute passwd username to change the database user password, which requires 900 seconds for internal synchronization

3. Create Non-OS Database User

Database mapping user:

1) Create an OS User

useradd gbasetest
passwd gbasetest /gbasetest

2) Modify allowed.surrogates Configuration File

  • This configuration file is located in the etc directory of the database software installation. Copy the std file to the /etc/gbasedbt (or /etc/gbasedbt, depending on the version) directory. It requires root user ownership and 600 permissions. Modify the file at the end with (user: gbasetest group: gbasetest).

3) Execute with gbasedbt User

onmode -cache surrogates
  • Check logs for success
  • Expected log entry:
Entries in the surrogates file /etc/gbasedbt/allowed.surrogates are loaded into surrogate cache

4) Log in to the Database System Library

Execute dbaccess sysuser, can use either default mapping or specify mapping user for each added user (recommended to set default mapping user)

  • Command A: CREATE DEFAULT USER WITH PROPERTIES USER 'gbasetest'; then dbaccess sysuser execute
CREATE USER zwq1 WITH PASSWORD "GBase001"; 
  • Command B: Do not create the default group execute
create user zwqtest1 with password "GBase001" properties user "gbasetest";

5) Grant Permissions

  • After that, you can use gbasetest01 to log in to the database and connect to the corresponding database with the appropriate permissions.

To reset the user password:

  • Execute the SQL command: set user password old "XXXXXXXX" new "XXXXXXXXX" — This method requires logging in with the user whose password you want to change.

  • Execute the SQL command: alter user xxzxnbgl modify password '1qaz@WSXqwe' — This method requires logging in with the gbasedbt user to change any user's password.

4. Grant SELECT (Read-Only) Permissions

1) Grant Connect Permission

  • Command: GRANT CONNECT TO user1;

2) Create a Stored Procedure

Note: The owner of the table (i.e., the user who created the table) whose permissions need to be revoked should be used to create and execute the following stored procedure. If there are tables created by multiple users in a database, the following stored procedure needs to be created and executed by each user separately (the stored procedure names can be chm1, chm2, etc.). To find the owner of each table, use the query:

select tabname, owner from systables where tabid > 99;

Stored procedure content:

   drop procedure if exists chm;
   create procedure chm(username varchar(255))
   returning varchar;
   define tname varchar(255);
   define towner varchar(255);
   define gsql varchar(255);
   define rmsql varchar(255);
   foreach cur for select tabname, owner into tname, towner from systables where tabid > 99 and tabtype<>'s'
     let rmsql = "REVOKE ALL ON " || tname || " FROM PUBLIC";
     execute immediate rmsql;
     let gsql = "grant select on " || tname || " to " || username || " as " || towner;
     execute immediate gsql;
   end foreach;
   end procedure;

3) Execute the Stored Procedure

execute procedure chm('user1');

With this detailed guide, you should now have a comprehensive understanding of how to create and grant permissions to users in the GBase 8s database. Proper management of database users and permissions is crucial for ensuring data security and improving operational efficiency. We hope this article helps database administrators manage users more effectively and contributes to protecting enterprise data assets.

...

🔧 GBase 8s Database User Management: Guide to Creating and Granting Permissions


📈 77.94 Punkte
🔧 Programmierung

🐧 The Guide to Granting User Permissions to Folders with Ease


📈 42.81 Punkte
🐧 Linux Tipps

🔧 Guide to Viewing User Permissions in GBase 8s


📈 36.3 Punkte
🔧 Programmierung

🔧 Guide to Viewing User Permissions in GBase 8s


📈 36.3 Punkte
🔧 Programmierung

🔧 GBase 数据库 | GBase 8a MPP Cluster Automatic Log Cleanup Implementation


📈 32.29 Punkte
🔧 Programmierung

🔧 GBase 数据库 | GBase 8a MPP Cluster Automatic Log Cleanup Implementation


📈 32.29 Punkte
🔧 Programmierung

🔧 Creating a New Era of Intelligent Finance: GBase Database Leading the Digital Transformation in Finance


📈 30.44 Punkte
🔧 Programmierung

🔧 Creating a New Era of Intelligent Finance: GBase Database Leading the Digital Transformation in Finance


📈 30.44 Punkte
🔧 Programmierung

📰 Hacker steals Verizon employee database after tricking worker into granting remote access


📈 29.01 Punkte
📰 IT Security Nachrichten

🔧 Emergency Handling for GBase Database Failures (3) - Database Service Anomalies & Data Loss


📈 28.86 Punkte
🔧 Programmierung

🔧 GBase 8s Database Performance Testing and Optimization Guide


📈 28.24 Punkte
🔧 Programmierung

🔧 GBASE数据库 | Detailed Guide to Using the ontape Tool for Backup and Recovery in GBase 8s Database


📈 28.24 Punkte
🔧 Programmierung

📰 Apple Accussed of Granting Chinese Governmet Control over User Data


📈 27.71 Punkte
📰 IT Security Nachrichten

🔧 Guide to Seamlessly Connecting ODBC with GBase 8s Database on Linux


📈 26.98 Punkte
🔧 Programmierung

🔧 Guide to Seamlessly Connecting ODBC with GBase 8s Database on Linux


📈 26.98 Punkte
🔧 Programmierung

🪟 Chips and Science act passes US Senate, moving one step closer to granting $52 billion to chipmakers


📈 23.91 Punkte
🪟 Windows Tipps

🔧 GBase 8s Database Locking Issues and Performance Optimization Strategies


📈 23.76 Punkte
🔧 Programmierung

🔧 Diagnosing and Optimizing Running Slow SQL in GBase 8s Database


📈 23.76 Punkte
🔧 Programmierung

🔧 GBase 8s Database Locking Issues and Performance Optimization Strategies


📈 23.76 Punkte
🔧 Programmierung

🔧 GBase 8c: Compatibility and High-Performance Distributed Database


📈 23.76 Punkte
🔧 Programmierung

🔧 GBase 8s Database Sharded Tables and Index Sharding Strategies (2)


📈 23.76 Punkte
🔧 Programmierung

🔧 Connecting to GBase 8s Database Using C# and ADO.NET on Windows (2)


📈 23.76 Punkte
🔧 Programmierung

🔧 GBase 8c Database Failure Handling and Practice


📈 23.76 Punkte
🔧 Programmierung

🔧 GBASE数据库 | GCDW Installation and HDFS Configuration with GBase Database


📈 23.76 Punkte
🔧 Programmierung

📰 The off-brand 'military-grade' x86 processors, in the library, with the root-granting backdoor


📈 22.66 Punkte
📰 IT Security Nachrichten

📰 The off-brand 'military-grade' x86 processors, in the library, with the root-granting 'backdoor'


📈 22.66 Punkte
📰 IT Security Nachrichten

📰 Cisco patches a couple of root access-granting security flaws


📈 22.66 Punkte
📰 IT Security Nachrichten

📰 WordPress security: Steps to assess an employee before granting admin access On WordPress


📈 22.66 Punkte
📰 IT Security Nachrichten

📰 RSA Conference 2019: UniKey Patches BleedingBit Flaws Granting Access To Hotel Rooms, Cars


📈 22.66 Punkte
📰 IT Security Nachrichten

📰 Granting Remote Consultant Access to Private Network - Best Practice


📈 22.66 Punkte
📰 IT Security Nachrichten

📰 Salesforce Triggers 15-Hour Shutdown After Faulty Script Starts Granting View/Modify Access


📈 22.66 Punkte
📰 IT Security Nachrichten

📰 Millions of Exim servers vulnerable to root-granting exploit


📈 22.66 Punkte
📰 IT Security Nachrichten

📰 Millions of Exim servers vulnerable to root-granting exploit


📈 22.66 Punkte
📰 IT Security Nachrichten

matomo