Identity authentication

The identity authentication feature validates the user identity when a user logs on to a database to access data, verifies whether the user can be associated with a database user, and implements security control on the activities of the user in the database based on the privileges of the associated database user. This topic describes identity authentication in the Oracle mode of OceanBase Database.

In Oracle mode, this feature authenticates a user’s username and password to recognize the user’s identity and access to features and resources. OceanBase Database requires all users to log on with the correct username and password to ensure database security.

Examples

In Oracle mode, usernames are unique within a tenant, but users in different tenants can have the same username. Therefore, a user is uniquely identified globally in the system in the username@tenant name format.

1. Log on to an Oracle tenant of a cluster as the sys user.

   obclient -usys@oracle -h10.xxx.xxx.1 - P2881 -P*******
   

2. Execute the following statement to create a user named u1.

   obclient> CREATE USER u1 IDENTIFIED BY ******;
   Query OK, 0 rows affected (0.064 sec)
   

3. Execute the following statement to grant user u1 the privilege to connect to the database.

   obclient>GRANT CREATE SESSION TO u1;
   Query OK, 0 rows affected (0.045 sec)
   

4. Log on to the cluster as user u1.

   $obclient -h10.xxx.xxx.1 -P2881 -uu1@oracle001 -p****** -A
   Welcome to the OceanBase.  Commands end with ; or \g.
   Your OceanBase connection id is 3221707914
   Server version: OceanBase 4.0.0.0 (r101000022022120716-0d7927892ad6d830e28437af099f018b0ad9a322) (Built Dec  7 2022 16:22:15)
   
   Copyright (c) 2000, 2018, OceanBase and/or its affiliates. All rights reserved.
   
   Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
   
   obclient [U1]>