A role is an object that holds user permissions, and users of the same role have the same permissions. OceanBase Developer Center (ODC) allows you to grant permissions to customized roles and assign the roles to users.
Log on to ODC as the administrator, and go to the Public Resource Console page. In the left-side navigation pane, choose Resource Permissions > Role to display the Role Management page on the right.
Built-in roles
ODC has a built-in administrator role system_admin that is automatically assigned to the administrator, whose username is admin . The administrator role has all system permissions and has access to all public and individual resources. You cannot edit, delete, or disable the administrator role.
Create a role
Click Create Role in the upper-right corner of the Role Management page. The Create Role panel appears.
You can take the following steps to create a role:
Specify Role Name .
The role name must be specified and cannot exceed 48 characters in length.
Specify Role Status .
By default, the new role is created in the Enabled status. You can specify the Disabled status. The permissions for a disabled role do not take effect.
Specify Permission Type .
Select at least one permission type for the role.
ODC allows you to select the Public Resource Permissions and Individual Resource Permissions types. After you select a permission type, the corresponding Permission Settings section appears below. When you create a role, you must specify and set at least one permission type for the role.
Configure Permission Settings .
The following table shows options in each Permission Type tab in the Permission Settings section.
Permission type Description Connection Access Permissions - Resource Type: includes Public Connection and Resource Group.
- Click the second field and select the resources as needed from the drop-down list. Depending on the selected resource type, the list displays the names of the resources that have been created in the current system.
- Resource Permissions: Click the third field and select the public resource permission as needed from the drop-down list. Permissions for public resources include read-only, read/write and apply. For more information, see the Permission description section below. Click Add Resource to grant the role the permission for multiple public resources.
Resource Management Permissions - Resource Type: includes Public Connection, Resource Group, Role and Users. Click the first field and select the resources as needed from the drop-down list.
- Resource Name: Click the second field and select the resources as needed from the drop-down list. Depending on the selected resource type, the list displays the names of the resources that have been created in the current system.
- Resource Permissions: Click the third field and select the public resource permission as needed from the drop-down list. Permissions for public resources include manage, edit and view only. For more information, see the Permission description section below.
System Permissions - Resource Type: includes permissions on private connections and the console. Click the first field and select the resources as needed from the drop-down list.
- Resource Permissions: Click the third field and select the public resource permission as needed from the drop-down list. Permissions for public resources include operate and view only. For more information, see the Permission description section below.
Specify Remarks (optional) .
Enter the description in the field. The remarks are optional and cannot exceed 140 characters in length.
Complete the creation.
Click Create in the lower-right corner of the panel to create the role.
Permission description
ODC supports Public Resource Permissions and Individual Resource Permissions . The types of the public resources are Public Connection and Resource Group . The following table shows the scope and description of supported permissions.
| Permission scope | Read-only | Read/Write |
|---|---|---|
| SQL window | Support query statements in the SQL window | Support control statements in the SQL window Support query statements in the SQL window Support data change statements in the SQL window Support structure change statements in the SQL window |
| Result set | View the result set Export the result set | View the result set Export the result set Modify the result set |
| Anonymous block window | Support operations other than writing | Support all operations in the anonymous block window |
| Command-line window | Support operations other than writing | Support all operations in the command-line window |
| Data mocking | Not supported | Support all permissions for data mocking |
| Asynchronous execution | Support operations other than writing | Support all permissions for asynchronous execution |
| Import and export | Export | Support data import Export |
| Session | View session properties View all sessions | View session properties Modify session properties View all sessions Modify the list of sessions |
| Recycle bin | View objects in the recycle bin | View objects in the recycle bin Modify the recycle bin |
| Table (non-SQL statement operations) | View the table definition View table data | View the table definition View table data Modify the table definition Modify table data Create a table Delete a table |
| View (non-SQL statement operations) | View the view definition Check view data | View the view definition Check view data Create a view Delete a view |
| Function (non-SQL statement operations) | View the function definition | View the function definition Modify the function definition Run a function Compile a function Debug a function Create a function Delete a function |
| Stored procedure (non-SQL statement operations) | View the stored procedure definition | View the stored procedure definition Modify the stored procedure definition Run a stored procedure Compile a stored procedure Debug a stored procedure Create a stored procedure Delete a stored procedure |
| Program package (non-SQL statement operations) | View the program package definition | View the program package definition Modify the program package definition Run a program package Compile a program package Debug a program package Create a program package Delete a program package |
| Trigger (non-SQL statement operations) | View the trigger definition | View the trigger definition Modify the trigger definition Create a trigger Delete a trigger Compile a trigger |
| Type (non-SQL statement operations) | View the type definition | View the type definition Modify the type definition Create a type Delete a type Compile a type |
| Synonym (non-SQL statement operations) | View the synonym definition | View the synonym definition Create a synonym Delete a synonym |
| Sequence (non-SQL statement operations) | View the sequence definition | View the sequence definition Modify the sequence definition Create a sequence Delete a sequence |
Manage roles
The information of roles is displayed in a list on the Role Management page, where you can perform the following operations:
Click the refresh icon to manually refresh the list.
Search for roles by using the search box in the upper-right corner of the list.
You can also view and manage the created roles by using the buttons provided in the Actions column.
Information of roles
The information of roles is provided by columns, which are described in the following table. A filter is provided on top of some columns for you to filter roles.
| Field | Description |
|---|---|
| Role Name | The name of the role. |
| Permission Type | The type of permissions granted to the role. |
| Status | The role status. Valid values: Enabled and Disabled . |
| Updated At | The time of the last update of the role information. |
| Actions | The actions you can take. Valid values: View , Edit , and Disable / Enable . You can click Disable / Enable to change the role status. |
View a role
Click View in the Actions column. In the Role Information panel, you can see the tabs Role Details and Related Users. The following table describes the information displayed on the tabs.
Field Description Role Details - Role creation information: displays the information that you specified when you created the role in fields such as Role Name , Permission Type, and Remarks.
- Operation information: displays information in fields such as Created By , Created At , and Updated At.
- Role deletion: You can click Delete Role in the lower part of the tab to delete the role. After the role is deleted, all data related to the role cannot be recovered, and the user permissions granted to the role are revoked. The user logon is not affected.
Related Users The Related Users tab displays users that are granted the role. The user information is provided in the following columns: Username , Roles , and Status . In the lower part of the Role Information panel, you can click Edit to go to the Edit Role panel, and
click Copy Role to go to the Create Role panel. In the panel that appears, the information of the current role is automatically filled.
Edit a role
Click Edit in the Actions column to go to the Edit Role panel.
Field Description Role Details Operation information: displays information in fields such as Role Name , Role Status , Permission Type , Permission Settings , and Remarks . Related Users The Related Users tab displays users that are granted the role. The user information is provided in the following columns: Username , Roles , and Status . * You can click Remove to remove the users granted the current role. * You can select new users in the Add User field and grant the role to the selected users. In the Edit Role panel, you can click Save in the lower-right corner to save the editing results.