In the Hologres console, you can click Account Management on the instance details page to go to the User Management page in the HoloWeb console. On the User Management page, you can add users to and remove users from your Hologres instance and grant them permissions. The User Management page allows you to manage users in a visualized manner.

By default, the Alibaba Cloud account that is used to create a Hologres instance is the superuser of the instance and has full permissions. Before you add other users, only the Alibaba Cloud account is displayed on the User Management page. The following table describes the information displayed in the user list.
Column Description
Members The name of the user in the instance. The value can be the name of an Alibaba Cloud account, a RAM user, or a custom account.
Account ID The ID of the user in the instance.
Examples:
  • Alibaba Cloud account: 11822780xxx
  • RAM user: p4_269499383xxxx
  • Custom account: BASIC$xxx
Account Type The account type of the user in the instance. Valid values:
  • ALIYUN: Alibaba Cloud account
  • RAM: RAM user
  • BASIC: custom account
Role Type The role assigned to the user in the instance. Valid values:
  • Superuser
  • Normal
Operation The operation that you can perform on the user in the instance. You can click Delete in the Operation column to remove the user from the instance. After the user is removed, it has no permissions on the instance.

Add a RAM user

On the User Management page, you can add a RAM user to a Hologres instance in a visualized manner. To add a RAM user, perform the following steps:
  1. In the upper part of the User Management page, select an instance from the Instance Name drop-down list. In the upper-right corner of the page, click Add New User.
  2. In the Add New User dialog box, select a RAM user within the current Alibaba Cloud account and set the Select Member Role parameter by selecting Examples of the Super Administrator (superuser) or Ordinary user. Add New User
    Note If no RAM users exist within your Alibaba Cloud account, create one. For more information, see Grant permissions to a RAM user.
    • Examples of the Super Administrator (superuser): The superuser of a Hologres instance has all permissions on the instance. If the superuser role is assigned to a RAM user, no further authorization is required for the RAM user.
    • Ordinary user: Normal users created in a Hologres instance have no query or management permissions on the objects in the instance, such as databases, schemas, and tables. Normal users must obtain required permissions before they can query or manage the objects in the instance.

      We recommend that you grant permissions to a user in a visualized manner. For more information, see the "Grant permissions to a user" section in Manage databases. You can also execute SQL statements to grant permissions. For more information, see Grant permissions to a RAM user.

    Note You can use only Alibaba Cloud accounts to add RAM users to Hologres instances.

Remove a RAM user

In the upper part of the User Management page, select an instance from the Instance Name drop-down list. Find the RAM user that you want to remove and click Delete in the Operation column. In the Delete User message, click OK. After the RAM user is removed from the instance, the RAM user has no permissions on the instance. Delete

Create a custom account

Note You cannot configure an IP address whitelist for custom accounts.
On the User Management page, you can create a custom account to a Hologres instance in a visualized manner. To create a custom account, perform the following steps:
  1. In the upper part of the User Management page, select an instance from the Instance Name drop-down list. In the upper-right corner of the page, click Create Basic User.
  2. In the Create Basic User dialog box, configure the parameters described in the following table. Create Basic User
    Parameter Description
    Account Name Specify a name for the custom account. The name can be up to 57 characters in length and can contain lowercase letters, digits, and underscores (_).
    Select Member Role Select an account type. Valid values:
    • Examples of the Super Administrator (superuser): The superuser of a Hologres instance has all permissions on the instance. If the superuser role is assigned to a RAM user, no further authorization is required for the RAM user.
    • Ordinary user: A normal user created to a Hologres instance has no query or management permissions on the objects in the instance, such as databases, schemas, and tables. The normal user must obtain the required permissions before it can query or manage the objects in the instance.
    Password Set a password for the custom account. The password must meet the following requirements:
    • The password contains at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • The password is 8 to 32 characters in length.
    • The password contains the following special characters: ! @ # $ % ^ & * ( ) _ + - =
    Confirm Password Enter the password again.
  3. Click OK.

Troubleshooting

  • Problem description
    When a custom account is used to access a MaxCompute table, the following error is reported:
    ERROR:  Query:[xxxxxx] Build desc failed: failed to check permission: Authorization Failed [4002], You don't exist in project hologres_test. Context ID:xxxxxx-xxxx-xxxx-xxxx-xxxxxxx.    --->Tips: Pricipal:INVALID$BASIC$xxx; You don't exist in project xxx
  • Cause

    By default, custom accounts are created within Hologres and cannot access MaxCompute tables.

  • Solution
    Execute the CREATE USER MAPPING statement to bind the custom account to a RAM user that has permissions to access MaxCompute projects and Hologres internal tables.
    • Syntax
      CREATE USER MAPPING
      FOR "<user_name>"
      SERVER odps_server
      OPTIONS
      (
          access_id '<Access_id>',
          access_key '<Access_key>'
      );
    • Parameters
      Parameter Description
      user_name The name of the custom account.
      Access_id The AccessKey ID of the RAM user that is used to log on to the Hologres database.

      You can obtain the AccessKey ID from the Security Management page.

      Access_key The AccessKey secret of the RAM user that is used to log on to the Hologres database.

      You can obtain the AccessKey secret from the Security Management page.

    • Examples
      -- Execute the CREATE USER MAPPING statement for a user named BASIC$test.
      CREATE USER MAPPING
      FOR "BASIC$test"
      SERVER odps_server
      OPTIONS (
        access_id 'LTxxxxxxxxxx',
        access_key 'y8xxxxxxxxxxxxx');
      
      -- Execute the CREATE USER MAPPING statement for the current user.
      CREATE USER MAPPING
      FOR CURRENT_USER
      SERVER odps_server
      OPTIONS (
        access_id 'LTxxxxxxxxxx',
        access_key 'y8xxxxxxxxxxxxx');