OceanBase Database users are divided into two categories: users under a system tenant and users under a common tenant. When you create a user, if the current session is under a system tenant, the created user is a user under the system tenant. Otherwise, the user is a user under a common tenant.
Common tenants can be in Oracle or MySQL mode, which are respectively referred to as Oracle tenants and MySQL tenants.
User names under a tenant must be unique. However, they can be duplicate under different tenants. A tenant can be globally uniquely identified by the combination of username@tenant name. We recommend that you add a prefix to usernames of users under a system tenant to distinguish them from users under a common tenant. Both system tenants and common tenants are configured with an internal administrator user. The administrator user of a MySQL tenant is root, and the administrator user of an Oracle tenant is sys. The root user for a system tenant is a system administrator, and the root user for a common tenant is a tenant administrator. You can use the root account and password of a common tenant to manage the tenant.
MySQL tenants
Users under a MySQL tenant of OceanBase Database have access only to the objects under the tenant, and the privileges for the users are compatible with those of MySQL.
The following table lists the privileges in OceanBase Database in MySQL mode.
| Privilege type | Privilege | Description | OceanBase Database Versions |
|---|---|---|---|
| Object privileges | select_priv | Indicates whether the user can use the SELECT statement to select data. |
V1.4.71 and later |
| Object privileges | insert_priv | Indicates whether the user can use the INSERT statement to insert data. |
V1.4.71 and later |
| Object privileges | update_priv | Indicates whether the user can use the UPDATE statement to modify existing data. |
V1.4.71 and later |
| Object privileges | delete_priv | Indicates whether the user can use the DELETE statement to delete existing data. |
V1.4.71 and later |
| Object privileges | create_priv | Indicates whether the user can create databases and tables. | V1.4.71 and later |
| Object privileges | drop_priv | Indicates whether the user can drop existing databases and tables. | V1.4.71 and later |
| Object privileges | process_priv | Indicates whether the user can use the SHOW PROCESSLIST statement to view processes of other users. |
V1.4.71 and later |
| Object privileges | file_priv | Indicates whether the user can run SELECT INTO OUTFILE and LOAD DATA INFILE statements. |
V1.4.71 and later |
| Object privileges | grant_priv | Indicates whether the user can grant its privileges to other users. | V1.4.71 and later |
| Object privileges | index_priv | Indicates whether the user can use the create and delete table indexes. | V1.4.71 and later |
| Object privileges | alter_priv | Indicates whether the user can rename and modify table structures. | V1.4.71 and later |
| Object privileges | show_db_priv | Indicates whether the user can query all database names on a server, including the names of the databases that are accessible to the user. | V1.4.71 and later |
| Object privileges | super_priv | Indicates whether the user can perform some advanced management operations, for example, delete a user process by using the KILL statement, modify global MySQL variables by using the SET GLOBAL statement, and execute various commands related to copying and logs. |
V1.4.71 and later |
| Object privileges | create_view_priv | Indicates whether the user can create views. | V1.4.71 and later |
| Object privileges | show_view_priv | Indicates whether the user can check views or understand how views operate. | V1.4.71 and later |
| Object privileges | create_user_priv | Indicates whether the user can run the CREATE USER statement to create new MySQL accounts. |
V1.4.71 and later |
| Object privileges | create_synonym_priv | Indicates whether the user can create synonyms and public synonyms. | V1.4.71 and later |
| Object privileges (apply to clusters) | ALTER TENANT | The privilege to modify tenant information. | V1.4.71 and later |
| Object privileges (apply to clusters) | ALTER SYSTEM | The privilege to run the ALTER SYSTEM statement. |
V1.4.71 and later |
| Object privileges (apply to clusters) | CREATE RESOURCE POOL | The privilege to create, modify, and delete resource pools. | V2.2.60 and later |
| Object privileges (apply to clusters) | CREATE RESOURCE UNIT | The privilege to create, modify, and delete resource units. | V2.2.60 and later |
Oracle tenants
Users under an Oracle tenant of OceanBase Database have access only to the objects under the tenant, and the privileges for the users are compatible with those of Oracle.
The following table lists available privileges in OceanBase Database under Oracle mode.
| Privilege type | Privilege | Description | Versions supported by OceanBase Database |
|---|---|---|---|
| Object privileges | CREATE PROCEDURE | The privilege to create a storage procedure for a specified user. | V2.2.60 and later |
| Object privileges | CREATE ANY PROCEDURE | The privilege to create a storage procedure for any user. | V2.2.60 and later |
| Object privileges | ALTER ANY PROCEDURE | The privilege to modify any storage procedure. | V2.2.60 and later |
| Object privileges | DROP ANY PROCEDURE | The privilege to drop any storage procedure. | V2.2.60 and later |
| Object privileges | EXECUTE ANY PROCEDURE | The privilege to execute any storage procedure. | V2.2.60 and later |
| Object privileges | CREATE SEQUENCE | The privilege to create a sequence for a specified user. | V2.2.60 and later |
| Object privileges | CREATE ANY SEQUENCE | The privilege to create a sequence for any user. | V2.2.60 and later |
| Object privileges | ALTER ANY SEQUENCE | The privilege to modify any sequence. | V2.2.60 and later |
| Object privileges | DROP ANY SEQUENCE | The privilege to drop any sequence. | V2.2.60 and later |
| Object privileges | SELECT ANY SEQUENCE | The privilege to use any sequence. | V2.2.60 and later |
| Object privileges | CREATE SYNONYM | The privilege to create a synonym for a specified user. | V2.2.60 and later |
| Object privileges | CREATE ANY SYNONYM | The privilege to create a synonym for any user. | V2.2.60 and later |
| Object privileges | CREATE PUBLIC SYNONYM | The privilege to create a public synonym. | V2.2.60 and later |
| Object privileges | DROP ANY SYNONYM | The privilege to drop any synonym. | V2.2.60 and later |
| Object privileges | DROP PUBLIC SYNONYM | The privilege to drop a public synonym. | V2.2.60 and later |
| Object privileges | CREATE TRIGGER | The privilege to create a trigger for a specified user. | V2.2.60 and later |
| Object privileges | CREATE ANY TRIGGER | The privilege to create a trigger for any user. | V2.2.60 and later |
| Object privileges | ALTER ANY TRIGGER | The privilege to modify any trigger. | V2.2.60 and later |
| Object privileges | DROP ANY TRIGGER | The privilege to drop any trigger. | V2.2.60 and later |
| Object privileges | CREATE ROLE | The privilege to create a role. | V2.2.60 and later |
| Object privileges | ALTER ANY ROLE | The privilege to modify any role. | V2.2.60 and later |
| Object privileges | DROP ANY ROLE | The privilege to drop any role. | V2.2.60 and later |
| Object privileges | GRANT ANY ROLE | The privilege to grant any role. | V2.2.60 and later |
| Object privileges | PURGE DBA_RECYCLEBIN | The privilege to purge the recycle bin. | V2.2.60 and later |
| Role privileges | Create Role | V2.2.60 and later | |
| Role privileges | Delete Role | V2.2.60 and later | |
| Role privileges | Create Public Role | V2.2.60 and later | |
| Role privileges | Assign Privileges to Role | V2.2.60 and later | |
| Role privileges | Revoke Privileges from Role | V2.2.60 and later | |
| Role privileges | Assign Role to Role | V2.2.60 and later | |
| Role privileges | Revoke Role from Role | V2.2.60 and later | |
| Role privileges | Pre-defined System Role | V2.2.60 and later | |
| Role privileges | Set Default Role for User | V2.2.60 and later | |