Users and roles|V4.3.3| docs|Distributed Database

This topic introduces how to create and manage ODC users and roles.

Background information

OceanBase Developer Center (ODC) allows users with the user creation permission to add users and grant permissions by using roles. The added users can log in to ODC by using their accounts and passwords.

A role is an object that holds user permissions, and users of the same role have the same permissions. ODC allows you to grant permissions to customized roles and assign the roles to users.

Principle

In ODC, users, roles, projects, and system permissions are in the following relationships:

1.20

A user who has the user creation permission can create roles in User Permissions .
A user who has the user creation permission can add users and grant role permissions to them in User Permissions .
A user who has the review process operation permission add project roles to review nodes when creating review processes in Security Specifications .
A user who has the risk level operation permission can select a review process when editing risk levels in Security Specifications .
A user who has the risk identification permission can configure risk identification rules for specific risk levels in Security Specifications .

Considerations

ODC has a built-in administrator user admin . This user automatically has the administrator role system_admin . The administrator role has all system permissions and has access to all public and individual resources. You cannot edit, delete, or disable the administrator role.
A role is an object that holds user permissions, and users of the same role have the same permissions. ODC allows you to grant permissions to customized roles and assign the roles to users.

Manage users

Create a user

Create a single user

Assume that you want to create a user named ODCUSER1 in ODC and grant the system_admin role permission to it as the administrator.

Log in to web ODC. In the left-side navigation pane, click User Permissions .
On the Users tab of the User Permissions page, click Create User , as shown in the preceding figure.

On the Create User page, specify User Information .

User information includes the following three parts:

Parameter	Description
Account	The account used to log in to ODC. You must specify a unique account containing 4 to 48 characters in length using letters, digits, and special characters. The supported special characters are `. _ + @ # $ %`
Name	The screen name to be displayed after the user logs on to ODC. The name must be specified and cannot exceed 110 characters in length.
Password	The password used to log in to ODC. The password must be specified. It must be 8 to 32 characters in length and contain at least two digits, two uppercase letters, two lowercase letters, and two special characters. The supported special characters are `. _ + @ # $ %` You can also click Random Password next to the field to generate a random password. Note After the administrator creates a new user or changes the password of a user, ODC prompts the user to change the user password to a complex one and protect the password against leakage when the user logs on for the first time.

ODC allows you to create multiple users at a time. You can click + Add User to specify the information for multiple users.

Specify Account Status .

By default, the new user is created in the Enable status. You can manually disable it. A disabled account is unable to log in.
Assign roles to the new user.

This parameter is optional. You can assign multiple roles to a user. Click the field. In the drop-down list, select the roles that you want to assign to all users you just added. If no role is available, go to the Create Role page to create one.
Specify Remarks

This parameter is optional. Enter the description in the field. The remarks are optional and cannot exceed 140 characters in length.
Click Create to submit user information.
Save user information.

In the User Created dialog box that appears after you click Create, you can view the information of all users you just created. In the dialog box, you can click Copy User Information and Download User Information to save the information of multiple users in local storage.

The two operations help you quickly save user information when you create multiple users at a time.
View the imported user information in the Users list.

Import multiple users at a time

ODC V4.1.2 and later allow you to upload configuration files to batch import users. Perform the following steps:

On the Users tab of the User Permissions page, click Batch Import .

In the Batch Import panel, click Download Template , and specify the parameters of the users to be imported.

Parameter	Description
Account	Required. The account used to log in to ODC. You must specify a unique account containing 4 to 48 characters in length using letters, digits, and special characters. The supported special characters are `. _ + @ # $ %`
Name	Required. The screen name to be displayed after the user logs on to ODC. The name cannot exceed 110 characters in length.
Password	Required. The password used to log in to ODC. The password must be 8 to 32 characters in length and contain at least two digits, two uppercase letters, two lowercase letters, and two special characters. The supported special characters are `. _ + @ # $ %`
Account Status	Required. Valid values: true and false.
Role	Optional. The name of the role created in ODC. Separate multiple role names with commas (,).
Remarks	Optional.

Click the file pool in the Batch Import panel to open the file explorer and select the file to be imported. You can also directly drag the file to the file pool to upload it.
Click Import . After the users are imported, you can view them in the list of users.

User list

The following table describes the parameters in the user list.

Parameter	Description
Name	The name of the user.
Account	The account of the user.
Role	The roles assigned to the user.
Status	The user status. Valid values: Enable and Disable . You can click the filter icon to filter the users by status.
Updated At	The time of the last update of the user information. You can click Updated At to sort the users by update time in ascending or descending order.
Logon Time	The time of the last logon to ODC. You can click Login Time to sort the users by logon time in ascending or descending order.
Actions	The actions you can take. Valid values: View , Edit , and Disable/Enable . You can click Disable/Enable to change the user status. Note After you log in to ODC, you cannot edit or disable your account.

View a user

In the user list, click View in the Actions column.

In the User Information panel, you can check the User Details and Related Resources tabs.

Tab	Description
User Details	User creation information: displays information that you specified when you created the user in fields such as Account , Name , Password , Role , and Remarks . The password is masked, and a Reset Password button is provided for you to change the logon password. Operation information: displays information in fields such as Created By , Created At , Updated At , and Logon Time . User deletion: You can click Delete User in the lower part of the tab to delete the user. After the user is deleted, the corresponding account cannot log in to ODC and its related data cannot be restored.
Related Resources	This tab displays the names of the public connections that are accessible to the current user and the access permissions.
Edit	In the User Information panel, click Edit to go to the Edit User panel.

Edit User

In the user list, click Edit in the Actions column.
In the Edit User panel, you can view all information specified when you create a user. After the user is created, the Account cannot be modified. However, you can modify the name , account status , roles , and remarks and can change the password on the user details page.

Manage roles

Create a role

Assume that you want to create the odc_project role in ODC as the administrator. The role has permissions to edit the mysql_4.2.0 data source and manage the ODCUSER1 user.

In the left-side navigation pane of the project collaboration window, choose User Permissions > Roles > Create Role .

In the Create Role panel, specify the following information.

Parameter	Description
Role Name	The role name must be specified and cannot exceed 48 characters in length.
Role Status	By default, the new role is created in the Enabled status. You can specify the Disabled status. The permissions for a disabled role do not take effect.
Permission Type	Select at least one permission type for the role. ODC allows you to select Resource Management Permissions and System Operation Permissions . After you select a permission type, the corresponding Permission Settings section appears below. When you create a role, you must specify and set at least one permission type for the role. Resource Management Permissions: the permissions to create, manage, edit, and view data sources, projects, roles, and users. System Operation Permissions: the permissions to view and operate operation records, automatic authorization, review processes, risk identification rules, development specifications, and system integration.
Remarks	Enter the description in the field. The remarks are optional and cannot exceed 140 characters in length.

After you specify the preceding information, click Create in the lower-right corner of the panel to create a role.
After the role is created, you can view the role in the role list.

Role list

The following table describes the parameters in the role list.

Parameter	Description
Role Name	The name of the role.
Permission Type	The type of permissions granted to the role.
Updated At	The time of the last update of the role information.
Status	The status of the role. Valid values: Disabled and Enabled.
Actions	You can view and edit roles.

View roles

In the role list, click View in the Actions column.

In the Role Information panel, you can check the Role Details and Users tabs.

Tab	Description
Role Details	Role creation information: displays the information that you specified when you created the role in fields such as Role Name , Permission Type , and Remarks . Operation information: displays information in fields such as Created By , Created At , and Updated At . Role deletion: You can click Delete Role in the lower part of the tab to delete the role. After the role is deleted, all data related to the role cannot be recovered, and the user permissions granted to the role are revoked. The user logon is not affected.
Related User	The Related User tab displays users that are granted the role. The user information is provided in the following columns: Username , Roles , and Status .

Tab

Description

Role Details

Role creation information: displays the information that you specified when you created the role in fields such as Role Name , Permission Type , and Remarks .
Operation information: displays information in fields such as Created By , Created At , and Updated At .
Role deletion: You can click Delete Role in the lower part of the tab to delete the role. After the role is deleted, all data related to the role cannot be recovered, and the user permissions granted to the role are revoked. The user logon is not affected.

Related User

The Related User tab displays users that are granted the role. The user information is provided in the following columns: Username , Roles , and Status .

In the lower part of the Role Information panel, you can click Edit to go to the Edit Role panel.
You can click Copy Role to go to the Create Role panel. In the panel that appears, the information of the current role is automatically filled.

Edit a role

In the role list, click Edit in the Actions column.
Modify the role information.
In the lower-right corner of the Edit Role panel, click Save to save the changes.

References

Automatic authorization

Users and roles