Permission Design Specifications
- [Rule] The initial database user may connect to and access a database only for DBA management. Services must not log in as this user to connect to or access the database.
The initial database user is the database installation user; it has the same name as the OS user that owns the database.
- [Rule] The initial database user creates a database and users for services. Services use the created users to log in to and access the database.
- [Rule] Assign permissions to roles and users based on the least privilege principle.
- [Recommendation] Manage permissions by roles instead of users.
Use roles to manage permissions: configure permissions on roles, then grant the roles to users.
Roles simplify permission management when there are many users or frequent user changes. Examples:
- Roles and users are in a many-to-many relationship: a role can be granted to multiple users, and changing the permissions of a role updates the effective permissions of every user that holds the role at the same time.
- Deleting a user does not affect the role.
- A new user obtains the required permissions simply by being granted the role.
- [Recommendation] Before deleting a database, revoke the CONNECT permission of users on that database to prevent the deletion from failing because of active database connections.
- [Recommendation] Avoid the risk of permission exploitation caused by improperly granted or used permissions.
In some scenarios, improper user operations can lead to permission exploitation. Examples:
- When creating a non-system type that is associated with a function, the user must understand the definition of the type and of the function associated with it. If that function is misused, permissions may be exploited through the associated function.
- When GRANT is used to give a user permission to use a table, a misused permission may allow ALTER to add expressions to the table's default values and constraints, or CREATE INDEX to add expressions to an index. In either case the permission may be exploited.
- When GRANT is used to give a user the TRIGGER permission, a misused permission may allow expressions to be placed in the trigger's WHEN condition; the permission may then be exploited when the trigger fires.
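As an added example (not from this documentation page), the following PostgreSQL-compatible SQL, whose syntax GaussDB largely shares, puts the role-based recommendation and the CONNECT-revocation recommendation into practice; the database, schema, table, role and user names are assumptions.

```sql
-- Run as the initial (installation) user, which is used for DBA tasks only.
-- Names below (orders_db, app_rw, svc_order_api, svc_report) are assumptions.

-- 1. Create the service database, a NOLOGIN role that carries the permissions,
--    and the table the service works on.
CREATE DATABASE orders_db;
CREATE ROLE app_rw NOLOGIN;
-- (connected to orders_db from here on)
CREATE TABLE public.orders (id bigint PRIMARY KEY, amount numeric NOT NULL);

-- 2. Grant the role only what the service needs on this one table rather than
--    ALL PRIVILEGES. TRIGGER and any ALTER/INDEX-style privileges are left
--    ungranted, so the expression vectors described above stay closed.
GRANT CONNECT ON DATABASE orders_db TO app_rw;
GRANT USAGE ON SCHEMA public TO app_rw;
GRANT SELECT, INSERT, UPDATE ON TABLE public.orders TO app_rw;

-- 3. Service accounts can log in but hold no direct object permissions; they
--    obtain everything through the role. Passwords are placeholders.
CREATE USER svc_order_api WITH PASSWORD '<placeholder-password>';
CREATE USER svc_report     WITH PASSWORD '<placeholder-password>';
GRANT app_rw TO svc_order_api, svc_report;

-- 4. A permission change on the role reaches every member at once, and
--    dropping a user leaves the role untouched.
REVOKE UPDATE ON TABLE public.orders FROM app_rw;
DROP USER svc_report;

-- 5. Before dropping the database, revoke CONNECT (including the default
--    grant to PUBLIC) so no new sessions can be opened; sessions that are
--    already connected still have to end before DROP DATABASE succeeds.
REVOKE CONNECT ON DATABASE orders_db FROM app_rw;
REVOKE CONNECT ON DATABASE orders_db FROM PUBLIC;
-- (run from a different database, e.g. the default one, not from orders_db)
DROP DATABASE orders_db;
```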