title Manage Database Users and Roles
summary Learn how to manage database users and roles in the TiDB Cloud console.

Manage Database Users and Roles

This document describes how to manage database users and roles using the SQL Users page in the TiDB Cloud console.

Note:

  • The SQL Users page is in beta and is only available upon request. To request this feature, click ? in the lower-right corner of the TiDB Cloud console, and then click Support Tickets to go to the Help Center. Create a ticket, fill in "Apply for the SQL Users page" in the Description field, and then click Submit.
  • Database users and roles are independent of organization and project users and roles. Database users are used to access databases in a TiDB cluster, while organization and project users are used to access organizations and projects in the TiDB Cloud console.
  • In addition to the SQL Users page, you can also manage database users and roles by connecting to your cluster with a SQL client and writing SQL statements. For more information, see TiDB User Account Management.

Roles of database users

In TiDB Cloud, you can grant both a built-in role and multiple custom roles (if available) to a SQL user for role-based access control.

  • Built-in roles

    TiDB Cloud provides the following built-in roles to help you control the database access of SQL users. You can grant one of the built-in roles to a SQL user.

    • Database Admin
    • Database Read-Write
    • Database Read-Only
  • Custom roles

    In addition to a built-in role, if your cluster has custom roles that are created using the CREATE ROLE statement, you can also grant these custom roles to a SQL user when you create or edit SQL users in the TiDB Cloud console.

After a SQL user is granted both a built-in role and multiple custom roles, the user's permissions will be the union of all the permissions derived from these roles.
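The following SQL sketch is an added example, not part of the original TiDB Cloud documentation. It creates two narrowly scoped custom roles from a SQL client, grants them to one user, and audits the resulting union of permissions. The names `app_db`, `reports`, `audit_log`, `app_report_reader`, `app_audit_writer`, and `report_user` are hypothetical, and the password is a placeholder.

```sql
-- Added example: every object, role, and user name below is hypothetical.
-- Run it as an account allowed to create roles and users and to grant privileges.

-- Sample schema so that the table-level grants below have targets.
CREATE DATABASE IF NOT EXISTS app_db;
CREATE TABLE IF NOT EXISTS app_db.reports   (id INT PRIMARY KEY, body TEXT);
CREATE TABLE IF NOT EXISTS app_db.audit_log (id INT PRIMARY KEY, entry TEXT);

-- 1. Create custom roles, each limited to one task (least privilege).
CREATE ROLE IF NOT EXISTS 'app_report_reader'@'%';
CREATE ROLE IF NOT EXISTS 'app_audit_writer'@'%';

GRANT SELECT ON app_db.reports   TO 'app_report_reader'@'%';
GRANT INSERT ON app_db.audit_log TO 'app_audit_writer'@'%';

-- 2. Create the SQL user and grant both custom roles to it.
CREATE USER IF NOT EXISTS 'report_user'@'%'
  IDENTIFIED BY '<replace-with-a-strong-password>';
GRANT 'app_report_reader'@'%', 'app_audit_writer'@'%' TO 'report_user'@'%';

-- 3. Granted roles are inactive in a new session until they are enabled.
--    Making them default roles activates them at login.
SET DEFAULT ROLE ALL TO 'report_user'@'%';

-- 4. Audit the result.
--    Without USING: privileges granted directly to the user, plus role membership.
SHOW GRANTS FOR 'report_user'@'%';
--    With USING: the effective privileges when the listed roles are active,
--    that is, the union of SELECT on reports and INSERT on audit_log.
SHOW GRANTS FOR 'report_user'@'%'
  USING 'app_report_reader'@'%', 'app_audit_writer'@'%';

-- 5. Removing one role narrows the union without touching the other role.
REVOKE 'app_audit_writer'@'%' FROM 'report_user'@'%';
SHOW GRANTS FOR 'report_user'@'%' USING 'app_report_reader'@'%';
```

Reviewing the `SHOW GRANTS ... USING` output after every role change shows the effective permission set before the account is handed to an application.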

Prerequisites

  • To manage database users and roles using the SQL Users page, you must be in the Organization Owner role of your organization or the Project Owner role of your project.
  • If you are in the Project Data Access Read-Write or Project Data Access Read-Only role of a project, you can only view database users on the SQL Users page of that project.

View SQL users

To view SQL users of a cluster, take the following steps:

  1. On the Clusters page of your project, click the name of your target cluster to go to its overview page.

    Tip:

    You can use the combo box in the upper-left corner to switch between organizations, projects, and clusters.

  2. In the left navigation pane, click Settings > SQL Users.

Create a SQL user

To create a SQL user for a cluster, take the following steps:

  1. Navigate to the SQL Users page of your cluster.

  2. Click Create SQL User in the upper-right corner.

    A dialog for the SQL user configuration is displayed.

  3. In the dialog, provide the information of the SQL user as follows:

    1. Enter the name of the SQL user.

    2. Either create a password for the SQL user or let TiDB Cloud automatically generate a password for the user.

    3. Grant roles to the SQL user.

      • Built-in Role: you need to select a built-in role for the SQL user in the Built-in Role drop-down list.

      • Custom Role: if your cluster has custom roles that are created using the CREATE ROLE statement, you can grant custom roles to the SQL user by selecting the roles from the Custom Role drop-down list. Otherwise, the Custom Role drop-down list is not displayed.

    For each SQL user, you can grant a built-in role and multiple custom roles (if any).

  4. Click Create.

Edit a SQL user

To edit the password or roles of a SQL user, take the following steps:

  1. Navigate to the SQL Users page of your cluster.

  2. In the row of the SQL user to be edited, click ... in the Action column, and then click Edit.

    A dialog for the SQL user configuration is displayed.

  3. In the dialog, you can edit the user password and roles as needed, and then click Update.

    Note:

    The roles of the default <prefix>.root user do not support modification. You can only change the password.

Delete a SQL user

To delete a SQL user, take the following steps:

  1. Navigate to the SQL Users page of your cluster.

  2. In the row of the SQL user to be deleted, click ... in the Action column, and then click Delete.

    Note:

    The default <prefix>.root user does not support deletion.

  3. Confirm the deletion.