OceanBase Migration Service (OMS) requires you to specify a database user and password when you create specific types of data sources. This is to allow you to use OMS to migrate or synchronize data between the source and the target. This topic describes how to create database users of different types.
Descriptions on users
When you create a MySQL-compatible data source of OceanBase Database, three types of users are involved: OceanBase Database users, DRC users (sys tenant users), and __oceanbase_inner_drc_user users. You can create these users as needed.
OceanBase Database user (required): This user is required for data migration or synchronization between the source and target.
DRC user (optional): This user is optional for reading incremental log data and database object schema information from OceanBase Database.
If you need to perform schema migration, schema synchronization, or incremental synchronization, create a DRC user in the
systenant of the source. If you need to perform reverse incremental synchronization, create a DRC user in thesystenant of the target.Note
In the case of an OceanBase Cloud data source, you must create a user in the `sys` tenant to specify the username of the `sys` tenant.
__oceanbase_inner_drc_useruser (optional): This user is optional and is created only when you need to migrate tables without unique keys.
Create an OceanBase Database user
When you perform data migration or synchronization between the source and target, you need to create an OceanBase Database user. This user is required when you create an OceanBase data source (including physical data sources, logical data sources, and public cloud data sources) for filling in Database Username. For example, you can fill in the database username as OMSTEST.
Log in to OceanBase Database as a system administrator.
Create a user in the business tenant of the source for data migration or synchronization.
CREATE USER '<user_name>' IDENTIFIED BY '<password>';Use the
GRANTstatement to grant privileges to the created database user. For more information, see User privileges.
(Optional) Create a DRC user
When you perform schema migration, schema synchronization, or incremental synchronization with an OceanBase data source as the source, or perform reverse incremental synchronization with an OceanBase data source as the target, you need to create a DRC user in the sys tenant of the business cluster. This user is used to read incremental log data and database object schema information from the OceanBase database. This user is used to fill in the Advanced Options field in the DRC User Name field when you create an OceanBase data source (including physical and logical data sources). For example, you can fill in user01 as the DRC user name.
CREATE USER <drc_user> IDENTIFIED BY '<drc_password>';
GRANT SELECT ON <db_name>.* TO <drc_user>;
When you create an OceanBase public cloud data source and the OceanBase cluster version is earlier than V4.2.0, you need to create a user in the sys tenant of the business cluster to read the schema information of the database objects in the OceanBase database when you perform schema migration with the data source as the source. This user is used to fill in the DRC User Name field in the Advanced Options field. For example, you can fill in user02 as the sys tenant user name.
CREATE USER <drc_user> IDENTIFIED BY '<drc_password>';
GRANT SELECT ON <db_name>.* TO <drc_user>;
(Optional) Create the __oceanbase_inner_drc_user user
When you need to migrate a table without a unique key in MySQL compatible mode of the OceanBase database to the target, you need to create the __oceanbase_inner_drc_user user in the source business tenant. This user is used to fill in the __oceanbase_inner_drc_user Password field when you create an OceanBase data source with the Tenant Type field set to MySQL.
Create a user
CREATE USER __oceanbase_inner_drc_user IDENTIFIED BY '<password>';Grant privileges
GRANT SELECT ON *.* TO __oceanbase_inner_drc_user;
Descriptions on users
When you create an MySQL-compatible data source of OceanBase Database, three types of users are involved: OceanBase Database users, DRC users (sys tenant users), and __OCEANBASE_INNER_DRC_USER users. You can create these users as needed.
OceanBase Database user (required): This is a required user that is used for data migration or data synchronization between the source and target.
DRC user (optional): This is an optional user that is used to read incremental log data and database object schema information from OceanBase Database.
If you need to perform schema migration, schema synchronization, or incremental synchronization, you must create a DRC user in the
systenant of the source. If you need to perform reverse incremental synchronization, you must create a DRC user in thesystenant of the target.Note
In the public cloud data source scenario, you must create a user in the `sys` tenant to configure the username of the `sys` tenant.
__OCEANBASE_INNER_DRC_USERuser (optional): This is an optional user that is created only when you need to migrate tables without unique keys.
Create an OceanBase Database user
When you perform data migration or data synchronization between the source and target, you need to create an OceanBase Database user. This user is used to fill in the Database Username field when you create an OceanBase Database data source (including physical data sources, logical data sources, and public cloud data sources). For example, you can fill in the database username as OMSTEST.
Log in to OceanBase Database as a system administrator.
Create a user in the business tenant of the source for data migration or data synchronization.
CREATE USER '<user_name>' IDENTIFIED BY <password>;Use the
GRANTstatement to grant privileges to the created database user. For more information, see User privileges.
(Optional) Create a DRC user
When you use an OceanBase data source as the source for schema migration, schema synchronization, or incremental synchronization, or as the target for reverse incremental synchronization, you must create a DRC user in the sys tenant of the business cluster. This DRC user is used to read incremental log data and database object schema information from the OceanBase database. This user is used to fill in the Advanced Options section of the DRC User Name field when you create an OceanBase data source (including physical and logical data sources). For example, you can set the DRC user username to user01.
CREATE USER <drc_user> IDENTIFIED BY '<drc_password>';
GRANT SELECT ON <db_name>.* TO <drc_user>;
When you create an OceanBase public cloud data source and the OceanBase cluster version is earlier than V4.2.0, you must create a user in the sys tenant of the business cluster to read the schema information of the database objects in the OceanBase database, in addition to creating an OceanBase database user. This user is used to fill in the sys Tenant Username field of the Advanced Options section. For example, you can set the sys tenant username to user02.
CREATE USER <drc_user> IDENTIFIED BY '<drc_password>';
GRANT SELECT ON <db_name>.* TO <drc_user>;
(Optional) Create the __OCEANBASE_INNER_DRC_USER user
When you need to migrate tables without unique keys in Oracle compatible mode of OceanBase Database to the target, you need to create the __OCEANBASE_INNER_DRC_USER user in the source business tenant. This user is used to specify the __OCEANBASE_INNER_DRC_USER password when you create an OceanBase data source with the Tenant Type set to Oracle.
Create a user
CREATE USER '__OCEANBASE_INNER_DRC_USER' IDENTIFIED BY <your_password>;Grant privileges
OceanBase Database version Privilege grant statement V2.2.77 and earlier GRANT CREATE SESSION TO '__OCEANBASE_INNER_DRC_USER';
GRANT SELECT ON *.* TO '__OCEANBASE_INNER_DRC_USER';V2.2.77 and later GRANT CREATE SESSION TO '__OCEANBASE_INNER_DRC_USER';GRANT SELECT ANY DICTIONARY TO '__OCEANBASE_INNER_DRC_USER';
You can use the following two methods to grant theSELECTprivilege to the user for the migrated tables:- Grant the system privilege
GRANT SELECT ANY TABLE TO '__OCEANBASE_INNER_DRC_USER'; - Grant the object privilege (you can only grant the privilege to a specific table)
GRANT SELECT ON <schema>.<table> TO '__OCEANBASE_INNER_DRC_USER';
- Grant the system privilege
When you need to migrate data between an Oracle database and OceanBase Database, or synchronize data from an Oracle database to DataHub, you need to create an Oracle database user. This user is used to specify the Database Username when you create an Oracle data source.
Log in to the Oracle database.
Create a user in the Oracle database for data migration or data synchronization.
CREATE USER <user_name> IDENTIFIED BY "<password>";Use the
GRANTstatement to grant privileges to the created database user. For more information, see User privileges.
When you need to migrate data between a MySQL database and OceanBase Database, or synchronize data from a MySQL database to DataHub, you need to create a MySQL database user. This user is used to specify the Database Username when you create a MySQL data source.
Log in to the MySQL database.
Use the
CREATE USERstatement to create a new user.CREATE USER '<user_name>'@'<host_name>' IDENTIFIED BY '<user_password>';Parameter Description user_name The name of the user to be created. host_name The host that allows the user to log in. If the user can log in from any host, use the percent sign (%). user_password The password of the user to be created. For example, create a user named
testwho can log in from any host and set the login password topassword.CREATE USER 'test'@'%' IDENTIFIED BY 'password';Use the
GRANTstatement to grant privileges to the created database user. For more information, see User privileges.
When you need to migrate data from a PostgreSQL database to OceanBase Database in MySQL compatible mode, you need to create a PostgreSQL database user. This user is used to specify the Database Username when you create a PostgreSQL data source.
Log in to the PostgreSQL database.
Create a user in the PostgreSQL database for data migration or data synchronization.
CREATE USER <user_name> ENCRYPTED PASSWORD '<password>';Use the
GRANTstatement to grant privileges to the created database user. For more information, see User privileges.
When you need to migrate data between a DB2 LUW database and OceanBase Database, you need to create a DB2 LUW database user. This user is used to specify the Database Username when you create a DB2 LUW data source.
In DB2 LUW (Linux/UNIX/Windows), you cannot directly create a database user by using an SQL statement. To create a DB2 LUW database user, you must first create a system user or group and then grant privileges to the user or group.
Create a user group in the operating system.
groupadd <user_group_name>Create a system user and specify the user group to which the user belongs.
useradd -g <user_group_name> <user_name>Set a login password for the new user.
passwd <user_name>Grant privileges to the created database user. For more information, see User privileges.
When you need to migrate data from a TiDB database to OceanBase Database in MySQL compatible mode, you need to create a TiDB database user. This user is used to specify the Database Username when you create a TiDB data source.
Log in to the TiDB database.
Create a user in the TiDB database for data migration or data synchronization.
CREATE USER '<user_name>'@'<host_name>' IDENTIFIED BY '<password>';Parameter Description user_name The name of the user to be created. host_name The host that allows the account to log in. If the account can log in from any host, use the percent sign (%). password The password of the user to be created. Use the
GRANTstatement to grant privileges to the created database user. For more information, see User privileges.
When you need to migrate data from a PolarDB-X 1.0 database to OceanBase Database in MySQL compatible mode, you need to create a PolarDB-X 1.0 database user. This user is used to specify the Account when you create a PolarDB-X 1.0 data source.
Log in to the Apsara Stack console.
In the upper-left corner of the page that appears, click Product > Databases > PolarDB-X 1.0.
In the Instances section of the target organization, click the name of the PolarDB-X 1.0 instance to go to the basic information page of the instance.
In the left-side navigation pane, choose Configuration & Management > Account Management.
Note
After a database is created, an advanced account is automatically created. The password of the account is the same as that of the database. You can use the account directly or create a normal account as needed.
On the Account Management page, click Create Account.
In the Create Account dialog box, configure the parameters.
Parameter Description Database Account The database account must be 4 to 20 characters in length and consist of uppercase letters, lowercase letters, digits, and underscores. The account must start with a letter and end with a letter or digit. New Password The new password must be 8 to 32 characters in length and contain at least three types of characters selected from uppercase letters, lowercase letters, digits, and special characters (!@#$%^&*()_+-=). Confirm New Password Enter the new password again for confirmation. Grant Database In the Database List section, select the name of the database to which you want to grant privileges and click Grant to add the name to the Granted Databases section. Note
The minimum privilege required for a normal account of a PolarDB-X 1.0 instance in each stage of data migration is Read-only.
Click OK.