
Security management

Last Updated: Jan 10, 2020

Security management is critical to databases. ApsaraDB for OceanBase has a unique security management scheme to ensure the security of data and resources. The security management scheme of ApsaraDB for OceanBase includes resource isolation and access control. Resources are isolated to ensure security. Access control ensures the security of shared data.

Manage tenant permissions

System tenants and standard tenants

ApsaraDB for OceanBase supports multitenancy. A tenant is the basis of database object management and resource management. A tenant is a container for various database objects and resources (such as CPU, memory, and I/O).

The multitenant architecture has the following benefits:

  • In terms of data security, cross-tenant data access is not allowed. This ensures that the data assets of users are not at risk of leakage.

  • In terms of resource usage, tenants have exclusive use of their resources. The multitenant architecture ensures that data and resources are secure across different tenants.

ApsaraDB for OceanBase supports system tenants and standard tenants. System tenants are created by the system and are used to store resources that are used by ApsaraDB for OceanBase. System tenants are also used to manage clusters and store system tables. Only root users under system tenants can create and delete standard tenants, modify system configurations, and perform daily merge operations.

Tenant management

In ApsaraDB for OceanBase, data objects of different tenants are isolated. Tenants are at the top level of the object namespace. The permission management of tenants is described as follows:

  • Users under a system tenant or standard tenant cannot access user data of other standard tenants.

  • A user cannot grant permissions to users under a different tenant. For example, the administrator u1 under tenant A cannot grant read/write permissions for table t1 under tenant A to users under tenant B.

  • Only the administrators under system tenants have system management permissions, such as creating and deleting standard tenants, modifying system configurations, and performing daily merge operations.

  • The users and permissions under a standard tenant are similar to those under a MySQL instance. These users can be standard users or have administrator rights. The method of granting and revoking permissions is the same as that of a MySQL instance.

  • If a user under a standard tenant has access to system views, this user can access the system table data under the system tenant. All metadata is stored in the system table under the system tenant.

Manage user permissions

The management of user permissions includes the following operations: create users, delete users, change passwords, change usernames, lock users, grant permissions to users, and revoke permissions from users. ApsaraDB for OceanBase supports two types of users: users under system tenants and users under standard tenants. When you create a user, if the tenant in the current session is a system tenant, the user is created under the system tenant. If the tenant in the current session is a standard tenant, the user is created under the standard tenant.

Users under the same tenant must have different names. Users under different tenants can have the same name. The combination of user name and tenant name (user@tenant) is unique in the system. To distinguish users under system tenants from users under standard tenants, we recommend that you use a specific prefix for the names of users under system tenants. Both system tenants and standard tenants have a built-in root user. The root user under the system tenant is the system administrator. The root user under a standard tenant is the tenant administrator.

Users under a standard tenant only have access to objects under this tenant. The permissions for users under a standard tenant are compatible with MySQL. Users under a system tenant can be authorized to access objects under a different tenant. Users under a system tenant cannot access the table data of users under a standard tenant.

When you log on to the ApsaraDB for OceanBase console, you must specify a unique tenant name. After you log on as a user under a system tenant, you can switch the current tenant to a different tenant. After you log on as a user under a standard tenant, you cannot switch the current tenant to a different tenant.

ApsaraDB for OceanBase supports the following levels of permissions:

  • Global level: The permissions apply to all databases. You can use the GRANT ALL ON *.* statement to grant global permissions.

  • Database level: The permissions apply to all objects in a database. You can use the GRANT ALL ON db_name.* statement to grant database permissions.

  • Table level: The permissions apply to all columns in a table. You can use the GRANT ALL ON db_name.tbl_name statement to grant table permissions.
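The following session, added here as an example and not taken from the Alibaba Cloud page, walks through the user-management operations listed above (create, grant at the three scopes, inspect, revoke, change password, rename, lock, drop) as the root user of a standard tenant. The user, database, and table names (dba_ops, app_rw, audit_ro, report_db, orders) are constructed for the example; the statement forms are the MySQL-compatible ones the page says standard tenants accept, and it is assumed that SHOW GRANTS, SET PASSWORD, RENAME USER, and ALTER USER ... ACCOUNT LOCK are available in the OceanBase version in use.

```sql
-- Added example: permission scopes and the user lifecycle inside one
-- standard tenant. All names below are constructed for illustration.
-- Passwords are placeholders; use your own secret management in practice.

-- Users are created under the tenant of the current session. Nothing here
-- can reach another tenant; the tenant is the top of the namespace.
CREATE USER 'dba_ops'@'%'  IDENTIFIED BY 'placeholder-password-1';
CREATE USER 'app_rw'@'%'   IDENTIFIED BY 'placeholder-password-2';
CREATE USER 'audit_ro'@'%' IDENTIFIED BY 'placeholder-password-3';

-- Global level: every database in this tenant. Reserve this scope for
-- the small set of operators who actually administer the tenant.
GRANT ALL ON *.* TO 'dba_ops'@'%';

-- Database level: every object in report_db, and nothing outside it.
GRANT ALL ON report_db.* TO 'app_rw'@'%';

-- Table level: every column of report_db.orders, read-only.
GRANT SELECT ON report_db.orders TO 'audit_ro'@'%';

-- Review what each user holds; run this again after every change.
SHOW GRANTS FOR 'dba_ops'@'%';
SHOW GRANTS FOR 'app_rw'@'%';
SHOW GRANTS FOR 'audit_ro'@'%';

-- Narrow a grant that turned out to be broader than needed: the
-- application keeps database-level access to report_db only.
REVOKE ALL ON *.* FROM 'app_rw'@'%';

-- Routine account hygiene: rotate a password, rename an account, and
-- lock an account that must be kept for audit but never used again.
SET PASSWORD FOR 'app_rw'@'%' = PASSWORD('placeholder-password-4');
RENAME USER 'audit_ro'@'%' TO 'audit_ro_archive'@'%';
ALTER USER 'audit_ro_archive'@'%' ACCOUNT LOCK;

-- Remove an account that is no longer needed at all.
DROP USER 'dba_ops'@'%';
```

Because grants at the three scopes are additive, checking SHOW GRANTS after each change is the practical way to confirm that a revocation at one scope did not leave an equivalent permission in place at another.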

The following table describes the permissions.

  • ALL PRIVILEGES: All permissions except the permission to perform the GRANT OPTION operation

  • ALTER: The permission to perform the ALTER TABLE operation

  • CREATE: The permission to perform the CREATE TABLE operation

  • CREATE USER: The permission to perform the CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES operations

  • CREATE TABLEGROUP: The permission to perform the CREATE TABLEGROUP operation

  • DELETE: The permission to perform the DELETE operation

  • DROP: The permission to perform the DROP operation

  • GRANT OPTION: The permission to perform the GRANT OPTION operation

  • INSERT: The permission to perform the INSERT operation

  • SELECT: The permission to perform the SELECT operation

  • UPDATE: The permission to perform the UPDATE operation

  • SUPER: The permission to modify global system parameters

  • SHOW DATABASES: The permission to perform the SHOW DATABASES operation

  • INDEX: The permission to perform the CREATE INDEX and DROP INDEX operations

  • CREATE VIEW: The permission to perform the CREATE VIEW and DROP VIEW operations

  • SHOW VIEW: The permission to perform the SHOW CREATE VIEW operation
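The following statements, added here as an example rather than taken from the page, show how the named permissions in the table combine into role-shaped grants that stay well below ALL PRIVILEGES. The users and database (schema_mig, order_svc, reporting, delegate_admin, shop_db) are constructed; the GRANT and REVOKE forms are the MySQL-compatible ones the page describes.

```sql
-- Added example: assembling the named permissions from the table into
-- least-privilege grants. All names below are constructed for illustration.

-- A migration account needs only schema-changing permissions on one
-- database: CREATE, ALTER, DROP, INDEX, CREATE VIEW. It gets no row-level
-- access, so a leaked migration credential cannot read customer data.
CREATE USER 'schema_mig'@'%' IDENTIFIED BY 'placeholder-password-1';
GRANT CREATE, ALTER, DROP, INDEX, CREATE VIEW ON shop_db.* TO 'schema_mig'@'%';

-- A service account needs row-level DML and nothing that changes schema.
CREATE USER 'order_svc'@'%' IDENTIFIED BY 'placeholder-password-2';
GRANT SELECT, INSERT, UPDATE, DELETE ON shop_db.* TO 'order_svc'@'%';

-- A reporting account reads tables and may inspect view definitions
-- (SHOW VIEW), but cannot modify anything.
CREATE USER 'reporting'@'%' IDENTIFIED BY 'placeholder-password-3';
GRANT SELECT, SHOW VIEW ON shop_db.* TO 'reporting'@'%';

-- GRANT OPTION lets a user pass its own permissions on to others. Hand it
-- out only where delegation is intended, and keep it scoped.
CREATE USER 'delegate_admin'@'%' IDENTIFIED BY 'placeholder-password-4';
GRANT SELECT, INSERT ON shop_db.* TO 'delegate_admin'@'%' WITH GRANT OPTION;

-- SUPER (global system parameters) and CREATE USER (account management)
-- are tenant-wide capabilities. None of the roles above receives them;
-- they stay with the tenant's root user.

-- Withdrawing delegation without touching the underlying access: the
-- user keeps SELECT and INSERT but can no longer grant them onward.
REVOKE GRANT OPTION ON shop_db.* FROM 'delegate_admin'@'%';

-- Confirm the outcome for each account.
SHOW GRANTS FOR 'schema_mig'@'%';
SHOW GRANTS FOR 'order_svc'@'%';
SHOW GRANTS FOR 'reporting'@'%';
SHOW GRANTS FOR 'delegate_admin'@'%';
```

Splitting schema-changing and data-changing permissions across separate accounts also makes the tenant's audit trail more useful: a DDL statement from the service account, or a SELECT from the migration account, is immediately recognizable as an anomaly.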

Summary

In ApsaraDB for OceanBase, each tenant corresponds to a MySQL instance. The user permission management is compatible with that of MySQL. The operations provided by ApsaraDB for OceanBase are the same as those provided by MySQL. ApsaraDB for OceanBase introduces the permission management of tenants. The permissions for data and resources can be managed based on different tenants. The management of tenant permissions and user permissions ensures the security of ApsaraDB for OceanBase.