Security management is essential to databases. OceanBase Database provides special security management policies to protect data and resources. The security management policies include resource isolation and privilege control. Resource isolation allows you to restrict the access to data, ensuring resource security. Privilege control allows you to set access privileges for shared data, ensuring data security.
Manage account privileges
You can set user privileges in the RAM console.
Log on to the RAM console. In the left-side navigation pane, click Policy Management. On the page that appears, click Create Policy.
On the Create Policy page, specify Policy Name, select Script, and create privilege policies for RAM users.
In the left-side navigation pane, click Users. On the page that appears, search for the user to which you want to add privileges.
On the user details page, click Privileges.
On the Personal Privileges tab, click Add Privilege.
In the dialog box that appears on the right, click Custom Policy, select the created policy, and then click OK.
Manage tenant privileges
System tenants and common tenants
OceanBase Database supports the multi-tenant architecture. Tenants lay the foundation for database object management and resource management. They serve as containers for both database objects and resources such as CPU, memory, and I/O resources.
The multi-tenant architecture has the following benefits:
In terms of data security, OceanBase Database forbids cross-tenant access, to protect user data assets from exposure.
In terms of resource utilization, a tenant has exclusive resource quotas. The multi-tenant architecture separates data from resources, ensuring the security of data and resources across different tenants.
OceanBase tenants can be either system tenants or common tenants. A system tenant is a built-in tenant used to store resources required for proper operating of OceanBase Database, and manage clusters and system tables. Only the root user under the system tenant can add or delete common tenants, modify system configurations, and perform important operations such as daily compaction.
In OceanBase Database, data objects of different tenants are completely isolated from each other. The top level of an object namespace is a tenant. Tenant privilege management in OceanBase Database has the following features:
Users under any tenant, regardless of whether it is a system tenant or common tenant, cannot access the user data under other common tenants.
Cross-tenant authorization is not supported. For example, administrator u1 of tenant A cannot grant the read and write privileges on table t1 under tenant A to any users under tenant B.
Only the administrator of the system tenant is authorized to manage the cluster and perform system operations, for example, creating or deleting common tenants, setting system parameters, and enabling daily compaction.
Users under a common tenant include privileged users and common users, similar to those in a MySQL instance, . Privileges are granted and revoked in the same way as that in a MySQL instance.
During cross-tenant data access, if a user under a common tenant has the privilege to access system views, the user can actually access the system tables under the system tenant, because all metadata is stored in the system tables.
Manage user privileges
OceanBase Database allows you to create and delete users, change passwords, change usernames, lock users, grant privileges to users, and revoke privileges from users. Users of OceanBase Database are classified into two categories: users under a system tenant and users under a common tenant. When you create a user, if the current session is under a system tenant, the created user is a user under the system tenant. Otherwise, the user is a user under a common tenant.
Usernames under a tenant must be unique. However, they can be duplicate under different tenants A tenant can be globally uniquely identified by the combination of
username@tenant name. We recommend that you add a prefix to usernames of users under a system tenant to distinguish them from users under a common tenant. Both system tenants and common tenants are configured with an internal root user. The root user of a system tenant acts as a system administrator, and the root user of a common tenant acts as a tenant administrator.
Users under a common tenant have access only to the objects under the tenant, and the privileges for the users are compatible with those of MySQL. Users under a system tenant can be granted the privilege to access objects across tenants. Users under the system tenant are not allowed to access user tables under common tenants.
Users must specify a unique tenant name when they log on to OceanBase Database. Users under the system tenant can switch to other tenants after logon. However, users under a common tenant cannot switch to other tenants. Privileges can be classified into the following levels:
Global: Privileges at this level apply to all databases. Run the GRANT ALL ON *.*command to grant global privileges.
Database level: Privileges at this level apply to all objects in a specified database. Run the GRANT ALL ON db_name.* command to grant database privileges.
Table level: Privileges at this level apply to all columns in a specified table. Run the GRANT ALL ON db_name.tbl_name command to grant table privileges.
The following table describes the privileges.
All privileges except GRANT OPTION.
The ALTER TABLE privilege.
The CREATE TABLE privilege.
The CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES privileges.
The global CREATE TABLEGROUP privilege.
The DELETE privilege.
The DROP privilege.
The GRANT OPTION privilege.
The INSERT privilege.
The SELECT privilege.
The UPDATE privilege.
The SET GLOBAL privilege for modifying global system parameters.
The global SHOW DATABASES privilege.
The CREATE INDEX and DROP INDEX privileges.
The privilege to create and delete views.
The SHOW CREATE VIEW privilege.
In OceanBase Database, each tenant corresponds to one MySQL instance. The user privileges provided by OceanBase Database are compatible with those of MySQL, with the same privilege management operations. OceanBase Database introduces a multi-tenant mechanism based on users. Therefore, tenant privilege management is also introduced to specify the data and resource access privileges of different tenants. Management of the tenant and user privileges ensures the security of OceanBase Database.