3.6 創建管理用戶
https://www.cockroachlabs.com/docs/stable/create-and-manage-users.html
--注意刪除用戶時不會自動回收用戶的權限,爲了防止以後的用戶同名,刪除用戶前需要revoke權限
[root@localhost cockroach-v1.1.4]# cockroach user help
Usage:
cockroach user [flags]
cockroach user [command]
Available Commands:
get fetches and displays a user
ls list all users
rm remove a user
set create or update a user
Global Flags:
--log-backtrace-at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log-dir string if non-empty, write log files in this directory
--log-dir-max-size bytes maximum combined size of all log files (default 100 MiB)
--log-file-max-size bytes maximum size of each log file (default 10 MiB)
--log-file-verbosity Severity minimum verbosity of messages written to the log file (default INFO)
--logtostderr Severity[=DEFAULT] logs at or above this threshold go to stderr (default NONE)
--no-color disable standard error log colorization
--verbosity level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Use "cockroach user [command] --help" for more information about a command.
[root@localhost cockroach-v1.1.4]# cockroach user ls --certs-dir=certs --port=26260
# Server version: CockroachDB CCL v1.1.4 (linux amd64, built 2018/01/08 17:32:42, go1.8.3) (same version as client)
# Cluster ID: c2e1f825-f663-433f-80fa-6db8ed05023d
+----------+
| username |
+----------+
+----------+
(0 rows)
[root@localhost cockroach-v1.1.4]# cockroach user ls
Error: connections with user root must use a client certificate
Failed running "user"
3.6.1 創建用戶
創建用戶
[root@localhost cockroach-v1.1.4]# cockroach user set jingjing --password --certs-dir=certs --port=26260
Enter password:
Confirm password:
# Server version: CockroachDB CCL v1.1.4 (linux amd64, built 2018/01/08 17:32:42, go1.8.3) (same version as client)
# Cluster ID: c2e1f825-f663-433f-80fa-6db8ed05023d
INSERT 1
登陸:
[[email protected]]# cockroach sql --certs-dir=certs --port=26260--user=jingjing
#Welcome to the cockroach SQL interface.
#All statements must be terminated by a semicolon.
#To exit: CTRL + D.
#
Enterpassword:
#Server version: CockroachDB CCL v1.1.4 (linux amd64, built 2018/01/0817:32:42, go1.8.3) (same version as client)
#Cluster ID: c2e1f825-f663-433f-80fa-6db8ed05023d
#
#Enter \? for a brief introduction.
#
查看用戶
[root@localhost cockroach-v1.1.4]# cockroach user ls --certs-dir=certs --port=26260
# Server version: CockroachDB CCL v1.1.4 (linux amd64, built 2018/01/08 17:32:42, go1.8.3) (same version as client)
# Cluster ID: c2e1f825-f663-433f-80fa-6db8ed05023d
+----------+
| username |
+----------+
| jingjing |
+----------+
(1 row)
查看用戶詳細信息
[root@localhost cockroach-v1.1.4]# cockroach user get jingjing --certs-dir=certs --port=26260
# Server version: CockroachDB CCL v1.1.4 (linux amd64, built 2018/01/08 17:32:42, go1.8.3) (same version as client)
# Cluster ID: c2e1f825-f663-433f-80fa-6db8ed05023d
+----------+--------------------------------------------------------------+
| username | hashedPassword |
+----------+--------------------------------------------------------------+
| jingjing | $2a$10$WHwDGWlBlEC1spe5Q588KeK.RRKXBs8fLYT0e8nqhKcbjhR6ZL4Pi |
+----------+--------------------------------------------------------------+
(1 row)
root@:26260/> select * from system.users
-> ;
+----------+--------------------------------------------------------------+
| username | hashedPassword |
+----------+--------------------------------------------------------------+
| jingjing | $2a$10$WHwDGWlBlEC1spe5Q588KeK.RRKXBs8fLYT0e8nqhKcbjhR6ZL4Pi |
+----------+--------------------------------------------------------------+
(1 row)
Time: 6.030326ms
改用戶密碼:(與建用戶命令相同)
cockroach user set jingjing --password --certs-dir=certs --port=26260
刪除用戶:--echo-sql 表示隱式輸出
cockroach user rm jingjing--insecure --echo-sql
DELETE FROM system.users WHERE username='jingjing';
--注意刪除用戶時不會自動回收用戶的權限,爲了防止以後的用戶同名,刪除用戶前需要revoke權限
標準刪除用戶流程:
SHOW GRANTS ON DATABASE bank FOR jingjing;
REVOKE INSERT ON bank.accounts FROM j
ingjing
;
drop user
j
ingjing
;
3.6.2 授權
https://www.cockroachlabs.com/docs/stable/grant.html