Use the Permission Settings tool of ApsaraDB for SelectDB - ApsaraDB for SelectDB

Permission Settings is a tool that allows you to manage the permissions of users and roles in ApsaraDB for SelectDB in a visualized manner. You can use this tool to create, delete, modify, and query database users and roles. This topic describes how to use the Permission Settings tool of ApsaraDB for SelectDB.

Prerequisites

An ApsaraDB for SelectDB instance is created. For more information, see Create an instance.
The version of the instance is 3.0.7 or later.
You understand the meanings of users and roles. For more information, see Manage the basic permissions of users.

Procedure

Log on to the ApsaraDB for SelectDB console.
In the top navigation bar, select the region in which the instance that you want to manage resides.
In the left-side navigation pane, click Instances. On the Instances page, find the instance and click its ID to go to the Instance Details page.
Click Data Development and Management in the upper-right corner.
Note
If you use the tools of Data Development and Management for the first time, a message appears and prompts you to add the public IP address of your machine to the IP address whitelist named webui_whitelist of the instance. Read the message and click OK.
Select Permission Settings from the drop-down list.
Note
If you use Permission Settings for the first time and have not logged on to the WebUI system, the WebUI logon page appears.
- You can use the admin account to log on to the WebUI system.
- If you do not know or forget the password of the admin account, you can reset the password. For more information, see Reset the password of an account.
- By default, the Users page appears and displays the users of the ApsaraDB for SelectDB instance, excluding the root user.

On the Privileges page, perform the following operations to manage database users and roles based on your business requirements:

Manage users

In the left-side navigation pane, choose Privileges > Users. On the Users page, you can perform the following operations:

Important

The admin user cannot be deleted.
The roles and permissions of the admin user cannot be modified.
Only users with the ADMIN permissions can modify roles, change passwords, delete users, and modify permissions for users other than the admin user.

Create a user: Click New User in the upper-left corner. In the New User dialog box, configure the parameters that are described in the following table. Click Confirm.

Parameter	Required	Description	Example
User Name	Yes	The name of the user.	test_account
Host	No	The IP address from which the logon requests of the user are sent.	127.0.0.1
Password	Yes	The password of the user.	None
Granted Role	No	The roles of the user.	admin

Modify the roles of a user: Find the user that you want to manage, click the icon in the Actions column, and then select Edit Role. In the Edit User dialog box, select one or more roles from the Granted Role drop-down list and click Confirm.
Change the password of a user: Find the user that you want to manage, click the icon in the Actions column, and then select Change Password. In the Change Password dialog box, enter a password in the New Password field and click Confirm.
Delete a user: Find the user that you want to manage, click the icon in the Actions column, and then select Delete User. In the message that appears, click Confirm.
Note
After a user is deleted, it cannot be recovered.
Modify the permissions of a user:
Grant permissions
1. Click the name of the user that you want to manage to go to the Privileges page.
2. Find the permission type that you want to manage and click Privileges in the upper-right corner of the permission type table. In the dialog box that appears, select the permissions that you want to grant and click Confirm.
Note
For more information about database permissions, see Manage the basic permissions of users.
Revoke permissions
1. Click the name of the user that you want to manage to go to the Privileges page.
2. Find the permissions that you want to manage and click the icon in the last column of the permission type table. In the Revoke dialog box, select the permissions that you want to revoke and click Revoke.
Note
For more information about database permissions, see Manage the basic permissions of users.

Manage roles

In the left-side navigation pane, choose Privileges > Roles. On the Roles page, you can perform the following operations:

Important

The admin role cannot be deleted.
Only users with the ADMIN permissions can delete roles and modify permissions for roles other than the admin role.

Create a role: Click New Role in the upper-left corner. In the New Role dialog box, enter a role name in the Name field. Click Confirm.
Delete a role: Find the role that you want to manage and click the Delete icon in the Actions column. In the message that appears, click Confirm.
Modify the permissions of a role:
Grant permissions
1. Click the name of the role that you want to manage to go to the Privileges page.
2. Find the permission type that you want to manage and click Privileges in the upper-right corner of the permission type table. In the dialog box that appears, select the permissions that you want to grant and click Confirm.
Note
For more information about database permissions, see Permission management.
Revoke permissions
1. Click the name of the role that you want to manage to go to the Privileges page.
2. Find the permissions that you want to manage and click the icon in the last column of the permission type table. In the Revoke dialog box, select the permissions that you want to revoke and click Revoke.
Note
For more information about database permissions, see Permission management.