This topic describes how to use the simple permission model (SPM) or the standard PostgreSQL authorization model in Hologres to grant the development permissions on a purchased Hologres instance to a RAM user within your Alibaba Cloud account.
Background information
By default, the system sets the Alibaba Cloud account that is used to purchase an instance as a superuser of the instance. A superuser has all permissions on an instance. It can create and delete databases, create roles, and grant permissions to roles.
- The RAM user must be authorized by the Alibaba Cloud account before it can use a Hologres instance. The RAM user can also be assigned the superuser role.
- Even if the RAM user has permissions to purchase instances, the RAM user can perform data analytics operations on a Hologres instance only after relevant development permissions on the instance are granted by the Alibaba Cloud account.
Permissions that are granted in the RAM console and development permissions on instances apply to different scenarios. For more information, see Grant permissions on Hologres to RAM users.
Use the SPM to grant development permissions to a RAM user (Recommended)
Use the standard PostgreSQL authorization model to grant development permissions to a RAM user
To use the standard PostgreSQL authorization model to grant development permissions to a RAM user, perform the following steps:
Use Hologres as a RAM user
After a RAM user is granted the permissions to use Hologres, you can connect to the instance that you want to manage from the PostgreSQL client and perform data analytics operations on the instance as the RAM user. For more information, see Connect to a Hologres instance from the PostgreSQL client.
PGUSER=<AccessID> PGPASSWORD=<AccessKey> psql -p <Port> -h <Endpoint> -d <Database>
View the permissions of a RAM user
- View the permissions that are granted to the RAM user by executing SQL statements.
Connect to the Hologres instance to which the RAM user is added from the PostgreSQL client and execute the following SQL statements to view the granted permissions:
SELECT * FROM pg_roles WHERE rolname = 'p4_user ID'; // Query the role that is assigned to the specified user. SELECT rolname FROM pg_roles; SELECT user_display_name(rolname) FROM pg_roles;