The authentication feature is used to verify the identity of a user who attempts to log on to OceanBase Database in Oracle mode. This feature checks whether the user can be associated with a certain database user and implements security control on the user's data access activities in the database based on the associated database user's permissions. This topic explains the identity authentication feature in OceanBase Database's Oracle mode.
Applicability
This topic applies only to OceanBase Database in Oracle mode. OceanBase Database Community Edition only supports MySQL mode. For authentication in MySQL mode, see Authentication.
In Oracle mode, this feature authenticates a user's username and password to recognize the user's identity and access to features and resources. OceanBase Database requires all users to log in with the correct username and password to ensure database security.
Example
In Oracle mode, the username is unique within a tenant, but users in different tenants can have the same usernames. Therefore, a user is uniquely identified globally in the system in the username@tenant name format.
Log on to an Oracle tenant of a cluster using the SYS user.
obclient -usys@oracle -h10.xxx.xxx.1 - P2881 -P***1***Execute the following statement to create a user named
u1.obclient> CREATE USER u1 IDENTIFIED BY **1***; Query OK, 0 rows affected (0.064 sec)Execute the following statement to grant user
u1the permission to connect to the database.obclient>GRANT CREATE SESSION TO u1; Query OK, 0 rows affected (0.045 sec)Log on to the cluster using user
u1.$obclient -h10.xxx.xxx.1 -P2881 -uu1@oracle001 -p**1*** -A Welcome to the OceanBase. Commands end with ; or \g. Your OceanBase connection id is 3221707914 Server version: OceanBase 4.0.0.0 (r101000022022120716-0d7927892ad6d830e28437af099f018b0ad9a322) (Built Dec 7 2022 16:22:15) Copyright (c) 2000, 2018, OceanBase and/or its affiliates. All rights reserved. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. obclient [U1]>