OceanBase logo

OceanBase

A unified distributed database ready for your transactional, analytical, and AI workloads.

DEPLOY YOUR WAY

OceanBase Cloud

The best way to deploy and scale OceanBase

OceanBase Enterprise

Run and manage OceanBase on your infra

TRY OPEN SOURCE

OceanBase Community Edition

The free, open-source distributed database

OceanBase seekdb

Open source AI native search database

Customer Stories

Real-world success stories from enterprises across diverse industries.

View All
BY USE CASES

Mission-Critical Transactions

Global & Multicloud Application

Elastic Scaling for Peak Traffic

Real-time Analytics

Active Geo-redundancy

Database Consolidation

Resources

Comprehensive knowledge hub for OceanBase.

Blog

Live Demos

Training & Certification

Documentation

Official technical guides, tutorials, API references, and manuals for all OceanBase products.

View All
PRODUCTS

OceanBase Cloud

OceanBase Database

Tools

Connectors and Middleware

QUICK START

OceanBase Cloud

OceanBase Database

BEST PRACTICES

Practical guides for utilizing OceanBase more effectively and conveniently

Company

Learn more about OceanBase – our company, partnerships, and trust and security initiatives.

About OceanBase

Partner

Trust Center

Contact Us

International - English
中国站 - 简体中文
日本 - 日本語
Sign In
Start on Cloud

A unified distributed database ready for your transactional, analytical, and AI workloads.

DEPLOY YOUR WAY

OceanBase Cloud

The best way to deploy and scale OceanBase

OceanBase Enterprise

Run and manage OceanBase on your infra

TRY OPEN SOURCE

OceanBase Community Edition

The free, open-source distributed database

OceanBase seekdb

Open source AI native search database

Customer Stories

Real-world success stories from enterprises across diverse industries.

View All
BY USE CASES

Mission-Critical Transactions

Global & Multicloud Application

Elastic Scaling for Peak Traffic

Real-time Analytics

Active Geo-redundancy

Database Consolidation

Comprehensive knowledge hub for OceanBase.

Blog

Live Demos

Training & Certification

Documentation

Official technical guides, tutorials, API references, and manuals for all OceanBase products.

View All
PRODUCTS
OceanBase CloudOceanBase Database
ToolsConnectors and Middleware
QUICK START
OceanBase CloudOceanBase Database
BEST PRACTICES

Practical guides for utilizing OceanBase more effectively and conveniently

Learn more about OceanBase – our company, partnerships, and trust and security initiatives.

About OceanBase

Partner

Trust Center

Contact Us

Start on Cloud
编组
All Products
    • Databases
    • iconOceanBase Database
    • iconOceanBase Cloud
    • iconOceanBase Tugraph
    • iconInteractive Tutorials
    • iconOceanBase Best Practices
    • Tools
    • iconOceanBase Cloud Platform
    • iconOceanBase Migration Service
    • iconOceanBase Developer Center
    • iconOceanBase Migration Assessment
    • iconOceanBase Admin Tool
    • iconOceanBase Loader and Dumper
    • iconOceanBase Deployer
    • iconKubernetes operator for OceanBase
    • iconOceanBase Diagnostic Tool
    • iconOceanBase Binlog Service
    • Connectors and Middleware
    • iconOceanBase Database Proxy
    • iconEmbedded SQL in C for OceanBase
    • iconOceanBase Call Interface
    • iconOceanBase Connector/C
    • iconOceanBase Connector/J
    • iconOceanBase Connector/ODBC
    • iconOceanBase Connector/NET
icon

OceanBase Developer Center

V4.3.1

  • Overview
    • What is ODC?
    • Features
    • Architecture
    • Limitations
    • ODC console
  • Quick Start
    • Client ODC
      • Overview
      • Install Client ODC
      • Use Client ODC
    • Web ODC
      • Overview
      • Deploy Web ODC
      • Use Web ODC
  • Data Source Management
    • Create a data source
    • Data sources and project collaboration
    • Database O&M
      • Session management
      • Global variable management
      • Recycle bin management
  • SQL Development
    • SQL editing and execution
    • Perform PL compilation and debugging
    • Use the command-line window
    • Edit and export the result set of an SQL statement
    • Execution analysis
    • Generate test data
    • Database objects
      • Table objects
        • Overview
        • Create a table
        • Manage tables
      • View objects
        • Overview
        • Create a view
        • Manage views
      • Function objects
        • Overview
        • Create a function
        • Manage functions
      • Stored procedure objects
        • Overview
        • Create a stored procedure
        • Manage stored procedures
      • Sequence objects
        • Overview
        • Create a sequence
        • Manage sequences
      • Package objects
        • Overview
        • Create a program package
        • Manage program packages
      • Trigger objects
        • Overview
        • Create a trigger
        • Manage triggers
      • Type objects
        • Overview
        • Create a type
        • Manage types
      • Synonym objects
        • Overview
        • Create a synonym
        • Manage synonyms
  • Import and Export
    • Import schemas and data
    • Export schemas and data
  • Database Change Management
    • User Permission Management
      • Users and roles
      • Automatic authorization
    • Project collaboration management
    • Risk levels, risk identification rules, and approval processes
    • SQL check specifications
    • SQL window specification
    • Database change management
    • Logical database change management
    • Batch database change management
    • Lock-free schema changes
    • Synchronize shadow tables
    • Schema comparison
  • Data Lifecycle Management
    • Archive data
    • Clean up data
    • Partitioning Plan Management
      • Manage partitioning plans
      • Set partitioning strategies
      • Examples
    • SQL plan task
  • Data Desensitization and Auditing
    • Desensitize data
    • Operation records
  • Notification Management
    • Overview
    • View notification records
    • Manage Notification Channel
      • Create a notification channel
      • View, edit, and delete a notification channel
      • Configure a custom channel
    • Manage notification rules
  • System Integration
    • Login integration
    • Approval integration
    • SQL approval integration
  • Deployment Guide
    • Deployment overview
    • Preparations before deployment
    • Load and run an ODC image
    • Deploy ODC in high-availability mode
    • Deployment verification
  • Upgrade Guide
    • Upgrade Overview
    • Preparations before upgrade
    • Update single-node ODC
    • Update high-avaliability ODC
    • Upgrade verification
    • Rollback after upgrade failed
  • Troubleshooting
    • ODC troubleshooting process
    • Collect Message
      • View the runtime environment and version information
      • View web ODC logs
      • View client ODC logs
      • View end-to-end ODC-related logs
      • View ODC MetaDB data
      • Query the index status in OceanBase Database V4.x
      • Query the index status in OceanBase Database V1.4.x to V3.2.x
      • Collect JVM runtime information
      • Use tcpdump to capture packets
    • Common Troubleshooting
      • Deployment Upgrade
        • Web ODC cannot be accessed after startup
      • Database Connection
        • Access denied in a connection trial or test
        • Connection is refused in a connection trial or test
        • Connection times out
        • `Connection reset` is reported for a time-consuming statement
        • `socket write error` or `closed by server` is reported for a connection
      • SQL Execution
        • Disconnection during SQL execution
        • `Over tenant memory limits` is reported during SQL execution
        • `Unknown thread id` is returned during SQL execution
        • `timeout` errors returned during SQL execution
        • `OutOfMemoryError` is returned during SQL execution
        • Incomplete result columns for the SELECT statement
        • Garbled Chinese characters in the SQL execution result set
        • Garbled Chinese data is returned for query of data in GBK encoding
      • PL Object
        • Debugging is not supported for invalid PL objects
        • `JSONException` is reported during PL debugging
        • Garbled variable values in debugging
        • Failed to view PL objects or garbled characters are returned
        • PL objects cannot be executed or an execution error is returned
        • ODC issues during PL debugging
        • PL anonymous block cannot be debugged
        • Alert information of a PL object is unavailable
      • Import and Export
        • Garbled Chinese characters in an imported file in GBK encoding
        • Invalid ZIP package reported during file import
        • Time-type data exported from an Oracle tenant cannot be imported
        • Mismatched columns reported during the import of a single-table CSV file
        • Failed to export a result set in ODC to an Excel file
        • Incorrect display in Excel for a result set exported in CSV format
        • Incomplete data in batch export of multiple tables
        • `javax.crypto.BadPaddingException: Given final block not properly padded` is returned for a data import or export failure
      • Client ODC Problems
        • Client ODC startup failure / H2 Database corruption: Chuck not found
        • Garbled Chinese characters in the command-line window of ODC
        • Failed to install client ODC
        • Client ODC startup failure or no response
        • `Not a valid secret key` is returned for connection creation in client ODC
        • `User does not exist` returned for connection creation in client ODC
        • High memory usage of client ODC
        • Client ODC fails to be installed or start due to a port conflict
      • Front Page Exception
        • JavaScript exception is thrown on the ODC page
        • No response in browser after opening ODC
        • White screen in ODC
      • Account Password Problem
        • Forgot the admin account password in ODC V3.2.0 or later
        • Forgot an account password in ODC V2.4.1 to V3.1.3
        • Forgot an account password in ODC V2.4.0 or earlier
    • FAQ
      • Installation of client ODC
      • Web ODC deployment and startup
      • FAQ
      • Command-line window
      • DDL statement display
  • Release Note
    • V4.3
      • ODC V4.3.2
      • ODC V4.3.1
      • ODC V4.3.0
    • V4.2
      • ODC V4.2.4
      • ODC V4.2.3
      • ODC V4.2.2
      • ODC V4.2.1
      • ODC V4.2.0
    • V4.1
      • ODC V4.1.3
      • ODC V4.1.2
      • ODC V4.1.1
      • ODC V4.1.0
    • V4.0
      • ODC V4.0.2
      • ODC V4.0.0
    • V3.4
      • ODC V3.4.0
    • V3.3
      • ODC V3.3.3
      • ODC V3.3.2
      • ODC V3.3.1
      • ODC V3.3.0
    • V3.2
      • ODC V3.2.3
      • ODC V3.2.2
      • ODC V3.2.1
      • ODC V3.2.0

Download PDF

What is ODC? Features Architecture Limitations ODC console Overview Install Client ODC Use Client ODC Overview Deploy Web ODC Use Web ODC Create a data source Data sources and project collaboration Session management Global variable management Recycle bin management SQL editing and execution Perform PL compilation and debugging Use the command-line window Edit and export the result set of an SQL statement Execution analysis Generate test data Import schemas and data Export schemas and data Users and roles Automatic authorization Project collaboration management Risk levels, risk identification rules, and approval processes SQL check specifications SQL window specification Database change management Logical database change management Batch database change management Lock-free schema changes Synchronize shadow tables Schema comparison Archive data Clean up data Manage partitioning plans Set partitioning strategies Examples SQL plan task Desensitize data Operation records Overview View notification records Create a notification channel View, edit, and delete a notification channel Configure a custom channel Manage notification rules Login integration Approval integration SQL approval integrationDeployment overview Preparations before deployment Load and run an ODC image Deploy ODC in high-availability modeDeployment verification Upgrade OverviewPreparations before upgrade Update single-node ODC Update high-avaliability ODCUpgrade verification Rollback after upgrade failed ODC troubleshooting process View the runtime environment and version information View web ODC logsView client ODC logsView end-to-end ODC-related logsView ODC MetaDB dataQuery the index status in OceanBase Database V4.xQuery the index status in OceanBase Database V1.4.x to V3.2.xCollect JVM runtime informationUse tcpdump to capture packetsInstallation of client ODCWeb ODC deployment and startupFAQCommand-line windowDDL statement display ODC V4.3.2 ODC V4.3.1 ODC V4.3.0 ODC V4.2.4 ODC V4.2.3 ODC V4.2.2 ODC V4.2.1 ODC V4.2.0 ODC V4.1.3 ODC V4.1.2 ODC V4.1.1 ODC V4.1.0 ODC V4.0.2 ODC V4.0.0ODC V3.4.0ODC V3.3.3 ODC V3.3.2 ODC V3.3.1 ODC V3.3.0 ODC V3.2.3 ODC V3.2.2
OceanBase logo

The Unified Distributed Database for the AI Era.

Follow Us
Products
OceanBase CloudOceanBase EnterpriseOceanBase Community EditionOceanBase seekdb
Resources
DocsBlogLive DemosTraining & Certification
Company
About OceanBaseTrust CenterLegalPartnerContact Us
Follow Us

© OceanBase 2026. All rights reserved

Cloud Service AgreementPrivacy PolicySecurity
Contact Us
Document Feedback
  1. Documentation Center
  3. OceanBase Developer Center
  5. V4.3.1
iconOceanBase Developer Center
V 4.3.1
  • V 4.4.2
  • V 4.4.1
  • V 4.4.0
  • V 4.3.4
  • V 4.3.3
  • V 4.3.2
  • V 4.3.1
  • V 4.3.0
  • V 4.2.4
  • V 4.2.3
  • V 4.2.2
  • V 4.2.1
  • V 4.2.0
  • V 4.1.3 and earlier

Users and roles

Last Updated:2025-01-03 09:45:33  Updated
share
What is on this page
Background information
Principle
Considerations
Manage users
Create a user
User list
View a user
Edit User
Manage roles
Create a role
Role list
View roles
Edit a role
References

folded

share

This topic introduces how to create and manage ODC users and roles.

Background information

OceanBase Developer Center (ODC) allows users with the user creation permission to add users and grant permissions by using roles. The added users can log on to ODC by using their accounts and passwords.

A role is an object that holds user permissions, and users of the same role have the same permissions. ODC allows you to grant permissions to customized roles and assign the roles to users.

Principle

In ODC, users, roles, projects, and system permissions are in the following relationships:

1.20

  1. A user who has the user creation permission can create roles in User Permissions.

  2. A user who has the user creation permission can add users and grant role permissions to them in User Permissions.

  3. A user who has the review process operation permission add project roles to review nodes when creating review processes in Security Specifications.

  4. A user who has the risk level operation permission can select a review process when editing risk levels in Security Specifications.

  5. A user who has the risk identification permission can configure risk identification rules for specific risk levels in Security Specifications.

Considerations

  • ODC has a built-in administrator user admin. This user automatically has the administrator role system_admin. The administrator role has all system permissions and has access to all public and individual resources. You cannot edit, delete, or disable the administrator role.

  • A role is an object that holds user permissions, and users of the same role have the same permissions. ODC allows you to grant permissions to customized roles and assign the roles to users.

Manage users

Create a user

Create a single user

Assume that you want to create a user named ODCUSER1 in ODC and grant the system_admin role permission to it as the administrator.

  1. Log on to web ODC. In the left-side navigation pane, click User Permissions.

  2. On the Users tab of the User Permissions page, click Create User, as shown in the preceding figure.

  3. On the Create User page, specify User Information.

    • User information includes the following three parts:

      Parameter Description
      Account The account used to log on to ODC. You must specify a unique account containing 4 to 48 characters in length using letters, digits, and special characters. The supported special characters are . _ + @ # $ %
      Name The screen name to be displayed after the user logs on to ODC. The name must be specified and cannot exceed 110 characters in length.
      Password The password used to log on to ODC. The password must be specified. It must be 8 to 32 characters in length and contain at least two digits, two uppercase letters, two lowercase letters, and two special characters. The supported special characters are . _ + @ # $ %
      You can also click Random Password next to the field to generate a random password.
      Note
      After the administrator creates a new user or changes the password of a user, ODC prompts the user to change the user password to a complex one and protect the password against leakage when the user logs on for the first time.

    • ODC allows you to create multiple users at a time. You can click + Add User to specify the information for multiple users.

  4. Specify Account Status.

    By default, the new user is created in the Enable status. You can manually disable it. A disabled account is unable to log on.

  5. Assign roles to the new user.

    This parameter is optional. You can assign multiple roles to a user. Click the field. In the drop-down list, select the roles that you want to assign to all users you just added. If no role is available, go to the Create Role page to create one.

  6. Specify Remarks

    This parameter is optional. Enter the description in the field. The remarks are optional and cannot exceed 140 characters in length.

  7. Click Create to submit user information.

  8. Save user information.

    In the User Created dialog box that appears after you click Create, you can view the information of all users you just created. In the dialog box, you can click Copy User Information and Download User Information to save the information of multiple users in local storage.

    The two operations help you quickly save user information when you create multiple users at a time.

  9. View the imported user information in the Users list.

Import multiple users at a time

ODC V4.1.2 and later allow you to upload configuration files to batch import users. Perform the following steps:

  1. On the Users tab of the User Permissions page, click Batch Import.

  2. In the Batch Import panel, click Download Template, and specify the parameters of the users to be imported.

    Parameter Description
    Account Required. The account used to log on to ODC. You must specify a unique account containing 4 to 48 characters in length using letters, digits, and special characters. The supported special characters are . _ + @ # $ %
    Name Required. The screen name to be displayed after the user logs on to ODC. The name cannot exceed 110 characters in length.
    Password Required. The password used to log on to ODC. The password must be 8 to 32 characters in length and contain at least two digits, two uppercase letters, two lowercase letters, and two special characters. The supported special characters are . _ + @ # $ %
    Account Status Required. Valid values: true and false.
    Role Optional. The name of the role created in ODC. Separate multiple role names with commas (,).
    Remarks Optional.

  3. Click the file pool in the Batch Import panel to open the file explorer and select the file to be imported. You can also directly drag the file to the file pool to upload it.

  4. Click Import. After the users are imported, you can view them in the list of users.

User list

The following table describes the parameters in the user list.

Parameter Description
Name The name of the user.
Account The account of the user.
Role The roles assigned to the user.
Status The user status. Valid values: Enable and Disable. You can click the filter icon filter to filter the users by status.
Updated At The time of the last update of the user information. You can click Updated At to sort the users by update time in ascending or descending order.
Logon Time The time of the last logon to ODC. You can click Login Time to sort the users by logon time in ascending or descending order.
Actions The actions you can take. Valid values: View, Edit, and Disable/Enable. You can click Disable/Enable to change the user status.
Note:
After you log on to ODC, you cannot edit or disable your account.

View a user

  1. In the user list, click View in the Actions column.

  2. In the User Information panel, you can check the User Details and Related Resources tabs.

    Tab Description
    User Details
    • User creation information: displays information that you specified when you created the user in fields such as Account, Name, Password, Role, and Remarks. The password is masked, and a Reset Password button is provided for you to change the logon password.
    • Operation information: displays information in fields such asCreated By, Created At, Updated At, and Logon Time.
    • User deletion: You can click Delete User in the lower part of the tab to delete the user. After the user is deleted, the corresponding account cannot log on to ODC and its related data cannot be restored.
    Related Resources This tab displays the names of the public connections that are accessible to the current user and the access permissions.
    Edit In the User Information panel, click Edit to go to the Edit User panel.

Edit User

  1. In the user list, click Edit in the Actions column.

  2. In the Edit User panel, you can view all information specified when you create a user. After the user is created, the Account cannot be modified. However, you can modify the name, account status, roles, and remarks and can change the password on the user details page.

Manage roles

Create a role

Assume that you want to create the odc_project role in ODC as the administrator. The role has permissions to edit the mysql_4.2.0 data source and manage the ODCUSER1 user.

  1. In the left-side navigation pane of the project collaboration window, choose User Permissions > Roles > Create Role.

  2. In the Create Role panel, specify the following information.

    Parameter Description
    Role Name The role name must be specified and cannot exceed 48 characters in length.
    Role Status By default, the new role is created in the Enabled status. You can specify the Disabled status. The permissions for a disabled role do not take effect.
    Permission Type Select at least one permission type for the role.
    ODC allows you to select Resource Management Permissions and System Operation Permissions. After you select a permission type, the corresponding Permission Settings section appears below. When you create a role, you must specify and set at least one permission type for the role.
    • Resource Management Permissions: the permissions to create, manage, edit, and view data sources, projects, roles, and users.
    • System Operation Permissions: the permissions to view and operate operation records, automatic authorization, review processes, risk identification rules, development specifications, and system integration.
    Remarks Enter the description in the field. The remarks are optional and cannot exceed 140 characters in length.

  3. After you specify the preceding information, click Create in the lower-right corner of the panel to create a role.

  4. After the role is created, you can view the role in the role list.

Role list

The following table describes the parameters in the role list.

Parameter Description
Role Name The name of the role.
Permission Type The type of permissions granted to the role.
Updated At The time of the last update of the role information.
Status The status of the role. Valid values: Disabled and Enabled.
Actions You can view and edit roles.

View roles

  1. In the role list, click View in the Actions column.

  2. In the Role Information panel, you can check the Role Details and Users tabs.

    Tab Description
    Role Details
    • Role creation information: displays the information that you specified when you created the role in fields such as Role Name, Permission Type, and Remarks.
    • Operation information: displays information in fields such as Created By, Created At, and Updated At.
    • Role deletion: You can click Delete Role in the lower part of the tab to delete the role. After the role is deleted, all data related to the role cannot be recovered, and the user permissions granted to the role are revoked. The user logon is not affected.
    Related User The Related User tab displays users that are granted the role. The user information is provided in the following columns: Username, Roles, and Status.

  3. In the lower part of the Role Information panel, you can click Edit to go to the Edit Role panel.

  4. You can click Copy Role to go to the Create Role panel. In the panel that appears, the information of the current role is automatically filled.

Edit a role

  1. In the role list, click Edit in the Actions column.

  2. Modify the role information.

  3. In the lower-right corner of the Edit Role panel, click Save to save the changes.

References

  • Automatic authorization

Previous topic

Export schemas and data
Last

Next topic

Automatic authorization
Next
What is on this page
Background information
Principle
Considerations
Manage users
Create a user
User list
View a user
Edit User
Manage roles
Create a role
Role list
View roles
Edit a role
References