| <!doctype html> |
| <html lang="zh-CN" data-theme="light"> |
| <head> |
| <meta charset="utf-8" /> |
| <meta name="viewport" content="width=device-width,initial-scale=1" /> |
| <meta name="generator" content="VuePress 2.0.0-rc.9" /> |
| <meta name="theme" content="VuePress Theme Hope 2.0.0-rc.34" /> |
| <style> |
| html { |
| background: var(--bg-color, #fff); |
| } |
| |
| html[data-theme="dark"] { |
| background: var(--bg-color, #1d1e1f); |
| } |
| |
| body { |
| background: var(--bg-color); |
| } |
| </style> |
| <script> |
| const userMode = localStorage.getItem("vuepress-theme-hope-scheme"); |
| const systemDarkMode = |
| window.matchMedia && |
| window.matchMedia("(prefers-color-scheme: dark)").matches; |
| |
| if (userMode === "dark" || (userMode !== "light" && systemDarkMode)) { |
| document.documentElement.setAttribute("data-theme", "dark"); |
| } |
| </script> |
| <link rel="alternate" hreflang="en-us" href="https://iotdb.apache.org/UserGuide/latest/User-Manual/Authority-Management.html"><meta property="og:url" content="https://iotdb.apache.org/zh/UserGuide/latest/User-Manual/Authority-Management.html"><meta property="og:site_name" content="IoTDB Website"><meta property="og:title" content="权限管理"><meta property="og:description" content="权限管理 IoTDB 为用户提供了权限管理操作,为用户提供对数据与集群系统的权限管理功能,保障数据与系统安全。 本篇介绍IoTDB 中权限模块的基本概念、用户定义、权限管理、鉴权逻辑与功能用例。在 JAVA 编程环境中,您可以使用 单条或批量执行权限管理类语句。 基本概念 用户 用户即数据库的合法使用者。一个用户与一个唯一的用户名相对应,并且拥有密码作..."><meta property="og:type" content="article"><meta property="og:locale" content="zh-CN"><meta property="og:locale:alternate" content="en-US"><meta property="og:updated_time" content="2024-01-17T06:56:46.000Z"><meta property="article:modified_time" content="2024-01-17T06:56:46.000Z"><script type="application/ld+json">{"@context":"https://schema.org","@type":"Article","headline":"权限管理","image":[""],"dateModified":"2024-01-17T06:56:46.000Z","author":[]}</script><link rel="icon" href="/favicon.ico"><meta name="Description" content="Apache IoTDB: Time Series Database for IoT"><meta name="Keywords" content="TSDB, time series, time series database, IoTDB, IoT database, IoT data management,时序数据库, 时间序列管理, IoTDB, 物联网数据库, 实时数据库, 物联网数据管理, 物联网数据"><meta name="baidu-site-verification" content="wfKETzB3OT"><meta name="google-site-verification" content="mZWAoRY0yj_HAr-s47zHCGHzx5Ju-RVm5wDbPnwQYFo"><script type="text/javascript"> |
| var _paq = window._paq = window._paq || []; |
| /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ |
| _paq.push(["setDoNotTrack", true]); |
| _paq.push(["disableCookies"]); |
| _paq.push(['trackPageView']); |
| _paq.push(['enableLinkTracking']); |
| (function() { |
| var u="https://analytics.apache.org/"; |
| _paq.push(['setTrackerUrl', u+'matomo.php']); |
| _paq.push(['setSiteId', '56']); |
| var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; |
| g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); |
| })(); |
| </script><title>权限管理 | IoTDB Website</title><meta name="description" content="权限管理 IoTDB 为用户提供了权限管理操作,为用户提供对数据与集群系统的权限管理功能,保障数据与系统安全。 本篇介绍IoTDB 中权限模块的基本概念、用户定义、权限管理、鉴权逻辑与功能用例。在 JAVA 编程环境中,您可以使用 单条或批量执行权限管理类语句。 基本概念 用户 用户即数据库的合法使用者。一个用户与一个唯一的用户名相对应,并且拥有密码作..."> |
| <link rel="preload" href="/assets/style-DnEHAOmf.css" as="style"><link rel="stylesheet" href="/assets/style-DnEHAOmf.css"> |
| <link rel="modulepreload" href="/assets/app-DrPcRZG6.js"><link rel="modulepreload" href="/assets/Authority-Management.html-CrkBRiQh.js"> |
| |
| </head> |
| <body> |
| <div id="app"><!--[--><!--[--><!--[--><span tabindex="-1"></span><a href="#main-content" class="vp-skip-link sr-only">跳至主要內容</a><!--]--><!--[--><div class="theme-container has-toc"><!--[--><header id="navbar" class="vp-navbar hide-icon"><div class="vp-navbar-start"><button type="button" class="vp-toggle-sidebar-button" title="Toggle Sidebar"><span class="icon"></span></button><!--[--><!----><!--]--><!--[--><a class="route-link vp-brand" href="/zh/"><img class="vp-nav-logo" src="/logo.png" alt><!----><span class="vp-site-name hide-in-pad">IoTDB Website</span></a><!--]--><!--[--><!----><!--]--></div><div class="vp-navbar-center"><!--[--><!----><!--]--><!--[--><!--]--><!--[--><!----><!--]--></div><div class="vp-navbar-end"><!--[--><!----><!--]--><!--[--><!--[--><div id="docsearch-container" style="display:none;"></div><div><button type="button" class="DocSearch DocSearch-Button" aria-label="搜索文档"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">搜索文档</span></span><span class="DocSearch-Button-Keys"><kbd class="DocSearch-Button-Key"><svg width="15" height="15" class="DocSearch-Control-Key-Icon"><path d="M4.505 4.496h2M5.505 5.496v5M8.216 4.496l.055 5.993M10 7.5c.333.333.5.667.5 1v2M12.326 4.5v5.996M8.384 4.496c1.674 0 2.116 0 2.116 1.5s-.442 1.5-2.116 1.5M3.205 9.303c-.09.448-.277 1.21-1.241 1.203C1 10.5.5 9.513.5 8V7c0-1.57.5-2.5 1.464-2.494.964.006 1.134.598 1.24 1.342M12.553 10.5h1.953" stroke-width="1.2" stroke="currentColor" fill="none" stroke-linecap="square"></path></svg></kbd><kbd class="DocSearch-Button-Key">K</kbd></span></button></div><!--]--><nav class="vp-nav-links"><div class="vp-nav-item hide-in-mobile"><div class="dropdown-wrapper"><button type="button" class="dropdown-title" aria-label="文档"><span class="title"><!---->文档</span><span class="arrow"></span><ul class="nav-dropdown"><li class="dropdown-item"><a class="route-link nav-link" href="/zh/UserGuide/latest/QuickStart/QuickStart.html" aria-label="v1.3.x"><!---->v1.3.x<!----></a></li><li class="dropdown-item"><a class="route-link nav-link" href="/zh/UserGuide/V1.2.x/QuickStart/QuickStart.html" aria-label="v1.2.x"><!---->v1.2.x<!----></a></li><li class="dropdown-item"><a class="route-link nav-link" href="/zh/UserGuide/V1.1.x/QuickStart/QuickStart.html" aria-label="v1.1.x"><!---->v1.1.x<!----></a></li><li class="dropdown-item"><a class="route-link nav-link" href="/zh/UserGuide/V1.0.x/QuickStart/QuickStart.html" aria-label="v1.0.x"><!---->v1.0.x<!----></a></li><li class="dropdown-item"><a class="route-link nav-link" href="/zh/UserGuide/V0.13.x/QuickStart/QuickStart.html" aria-label="v0.13.x"><!---->v0.13.x<!----></a></li></ul></button></div></div><div class="vp-nav-item hide-in-mobile"><a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=177051872" rel="noopener noreferrer" target="_blank" aria-label="系统设计" class="nav-link"><!---->系统设计<span><svg class="external-link-icon" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><span class="external-link-icon-sr-only">open in new window</span></span><!----></a></div><div class="vp-nav-item hide-in-mobile"><a class="route-link nav-link" href="/zh/Download/" aria-label="下载"><!---->下载<!----></a></div><div class="vp-nav-item hide-in-mobile"><div class="dropdown-wrapper"><button type="button" class="dropdown-title" aria-label="社区"><span class="title"><!---->社区</span><span class="arrow"></span><ul class="nav-dropdown"><li class="dropdown-item"><a class="route-link nav-link" href="/zh/Community/About.html" aria-label="关于社区"><!---->关于社区<!----></a></li><li class="dropdown-item"><a class="route-link nav-link" href="/zh/Community/Development-Guide.html" aria-label="贡献指南"><!---->贡献指南<!----></a></li><li class="dropdown-item"><a class="route-link nav-link" href="/zh/Community/Powered-By.html" aria-label="社区伙伴"><!---->社区伙伴<!----></a></li><li class="dropdown-item"><a class="route-link nav-link" href="/zh/Community/Feedback.html" aria-label="交流与反馈"><!---->交流与反馈<!----></a></li><li class="dropdown-item"><a class="route-link nav-link" href="/zh/Community/Materials.html" aria-label="活动与报告"><!---->活动与报告<!----></a></li><li class="dropdown-item"><a class="route-link nav-link" href="/zh/Community/Community-Project-Committers.html" aria-label="Commiters"><!---->Commiters<!----></a></li></ul></button></div></div><div class="vp-nav-item hide-in-mobile"><div class="dropdown-wrapper"><button type="button" class="dropdown-title" aria-label="ASF"><span class="title"><!---->ASF</span><span class="arrow"></span><ul class="nav-dropdown"><li class="dropdown-item"><a href="https://www.apache.org/" rel="noopener noreferrer" target="_blank" aria-label="基金会" class="nav-link"><!---->基金会<span><svg class="external-link-icon" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><span class="external-link-icon-sr-only">open in new window</span></span><!----></a></li><li class="dropdown-item"><a href="https://www.apache.org/licenses/" rel="noopener noreferrer" target="_blank" aria-label="许可证" class="nav-link"><!---->许可证<span><svg class="external-link-icon" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><span class="external-link-icon-sr-only">open in new window</span></span><!----></a></li><li class="dropdown-item"><a href="https://www.apache.org/security/" rel="noopener noreferrer" target="_blank" aria-label="安全" class="nav-link"><!---->安全<span><svg class="external-link-icon" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><span class="external-link-icon-sr-only">open in new window</span></span><!----></a></li><li class="dropdown-item"><a href="https://www.apache.org/foundation/sponsorship.html" rel="noopener noreferrer" target="_blank" aria-label="赞助" class="nav-link"><!---->赞助<span><svg class="external-link-icon" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><span class="external-link-icon-sr-only">open in new window</span></span><!----></a></li><li class="dropdown-item"><a href="https://www.apache.org/foundation/thanks.html" rel="noopener noreferrer" target="_blank" aria-label="致谢" class="nav-link"><!---->致谢<span><svg class="external-link-icon" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><span class="external-link-icon-sr-only">open in new window</span></span><!----></a></li><li class="dropdown-item"><a href="https://www.apache.org/events/current-event" rel="noopener noreferrer" target="_blank" aria-label="活动" class="nav-link"><!---->活动<span><svg class="external-link-icon" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><span class="external-link-icon-sr-only">open in new window</span></span><!----></a></li><li class="dropdown-item"><a href="https://privacy.apache.org/policies/privacy-policy-public.html" rel="noopener noreferrer" target="_blank" aria-label="隐私" class="nav-link"><!---->隐私<span><svg class="external-link-icon" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><span class="external-link-icon-sr-only">open in new window</span></span><!----></a></li></ul></button></div></div></nav><div class="vp-nav-item"><div class="dropdown-wrapper"><button type="button" class="dropdown-title" aria-label="选择语言"><!--[--><svg xmlns="http://www.w3.org/2000/svg" class="icon i18n-icon" viewBox="0 0 1024 1024" fill="currentColor" aria-label="i18n icon" style="width:1rem;height:1rem;vertical-align:middle;"><path d="M379.392 460.8 494.08 575.488l-42.496 102.4L307.2 532.48 138.24 701.44l-71.68-72.704L234.496 460.8l-45.056-45.056c-27.136-27.136-51.2-66.56-66.56-108.544h112.64c7.68 14.336 16.896 27.136 26.112 35.84l45.568 46.08 45.056-45.056C382.976 312.32 409.6 247.808 409.6 204.8H0V102.4h256V0h102.4v102.4h256v102.4H512c0 70.144-37.888 161.28-87.04 210.944L378.88 460.8zM576 870.4 512 1024H409.6l256-614.4H768l256 614.4H921.6l-64-153.6H576zM618.496 768h196.608L716.8 532.48 618.496 768z"></path></svg><!--]--><span class="arrow"></span><ul class="nav-dropdown"><li class="dropdown-item"><a class="route-link nav-link" href="/UserGuide/latest/User-Manual/Authority-Management.html" aria-label="English"><!---->English<!----></a></li><li class="dropdown-item"><a class="route-link nav-link active" href="/zh/UserGuide/latest/User-Manual/Authority-Management.html" aria-label="简体中文"><!---->简体中文<!----></a></li></ul></button></div></div><div class="vp-nav-item hide-in-mobile"><button type="button" id="appearance-switch"><svg xmlns="http://www.w3.org/2000/svg" class="icon auto-icon" viewBox="0 0 1024 1024" fill="currentColor" aria-label="auto icon" style="display:none;"><path d="M512 992C246.92 992 32 777.08 32 512S246.92 32 512 32s480 214.92 480 480-214.92 480-480 480zm0-840c-198.78 0-360 161.22-360 360 0 198.84 161.22 360 360 360s360-161.16 360-360c0-198.78-161.22-360-360-360zm0 660V212c165.72 0 300 134.34 300 300 0 165.72-134.28 300-300 300z"></path></svg><svg xmlns="http://www.w3.org/2000/svg" class="icon dark-icon" viewBox="0 0 1024 1024" fill="currentColor" aria-label="dark icon" style="display:none;"><path d="M524.8 938.667h-4.267a439.893 439.893 0 0 1-313.173-134.4 446.293 446.293 0 0 1-11.093-597.334A432.213 432.213 0 0 1 366.933 90.027a42.667 42.667 0 0 1 45.227 9.386 42.667 42.667 0 0 1 10.24 42.667 358.4 358.4 0 0 0 82.773 375.893 361.387 361.387 0 0 0 376.747 82.774 42.667 42.667 0 0 1 54.187 55.04 433.493 433.493 0 0 1-99.84 154.88 438.613 438.613 0 0 1-311.467 128z"></path></svg><svg xmlns="http://www.w3.org/2000/svg" class="icon light-icon" viewBox="0 0 1024 1024" fill="currentColor" aria-label="light icon" style="display:block;"><path d="M952 552h-80a40 40 0 0 1 0-80h80a40 40 0 0 1 0 80zM801.88 280.08a41 41 0 0 1-57.96-57.96l57.96-58a41.04 41.04 0 0 1 58 58l-58 57.96zM512 752a240 240 0 1 1 0-480 240 240 0 0 1 0 480zm0-560a40 40 0 0 1-40-40V72a40 40 0 0 1 80 0v80a40 40 0 0 1-40 40zm-289.88 88.08-58-57.96a41.04 41.04 0 0 1 58-58l57.96 58a41 41 0 0 1-57.96 57.96zM192 512a40 40 0 0 1-40 40H72a40 40 0 0 1 0-80h80a40 40 0 0 1 40 40zm30.12 231.92a41 41 0 0 1 57.96 57.96l-57.96 58a41.04 41.04 0 0 1-58-58l58-57.96zM512 832a40 40 0 0 1 40 40v80a40 40 0 0 1-80 0v-80a40 40 0 0 1 40-40zm289.88-88.08 58 57.96a41.04 41.04 0 0 1-58 58l-57.96-58a41 41 0 0 1 57.96-57.96z"></path></svg></button></div><div class="vp-nav-item vp-action"><a class="vp-action-link" href="https://github.com/apache/iotdb" target="_blank" rel="noopener noreferrer" aria-label="GitHub"><svg xmlns="http://www.w3.org/2000/svg" class="icon github-icon" viewBox="0 0 1024 1024" fill="currentColor" aria-label="github icon" style="width:1.25rem;height:1.25rem;vertical-align:middle;"><path d="M511.957 21.333C241.024 21.333 21.333 240.981 21.333 512c0 216.832 140.544 400.725 335.574 465.664 24.49 4.395 32.256-10.07 32.256-23.083 0-11.69.256-44.245 0-85.205-136.448 29.61-164.736-64.64-164.736-64.64-22.315-56.704-54.4-71.765-54.4-71.765-44.587-30.464 3.285-29.824 3.285-29.824 49.195 3.413 75.179 50.517 75.179 50.517 43.776 75.008 114.816 53.333 142.762 40.79 4.523-31.66 17.152-53.377 31.19-65.537-108.971-12.458-223.488-54.485-223.488-242.602 0-53.547 19.114-97.323 50.517-131.67-5.035-12.33-21.93-62.293 4.779-129.834 0 0 41.258-13.184 134.912 50.346a469.803 469.803 0 0 1 122.88-16.554c41.642.213 83.626 5.632 122.88 16.554 93.653-63.488 134.784-50.346 134.784-50.346 26.752 67.541 9.898 117.504 4.864 129.834 31.402 34.347 50.474 78.123 50.474 131.67 0 188.586-114.73 230.016-224.042 242.09 17.578 15.232 33.578 44.672 33.578 90.454v135.85c0 13.142 7.936 27.606 32.854 22.87C862.25 912.597 1002.667 728.747 1002.667 512c0-271.019-219.648-490.667-490.71-490.667z"></path></svg></a></div><!--]--><!--[--><!----><!--]--><button type="button" class="vp-toggle-navbar-button" aria-label="Toggle Navbar" aria-expanded="false" aria-controls="nav-screen"><span><span class="vp-top"></span><span class="vp-middle"></span><span class="vp-bottom"></span></span></button></div></header><!----><!--]--><!----><div class="toggle-sidebar-wrapper"><span class="arrow start"></span></div><aside id="sidebar" class="vp-sidebar"><!--[--><!----><!--]--><ul class="vp-sidebar-links"><li><section class="vp-sidebar-group"><p class="vp-sidebar-header"><!----><span class="vp-sidebar-title">IoTDB用户手册 (V1.3.x)</span><!----></p><ul class="vp-sidebar-links"></ul></section></li><li><section class="vp-sidebar-group"><button class="vp-sidebar-header clickable" type="button"><!----><span class="vp-sidebar-title">关于IoTDB</span><span class="vp-arrow end"></span></button><!----></section></li><li><section class="vp-sidebar-group"><button class="vp-sidebar-header clickable" type="button"><!----><span class="vp-sidebar-title">快速上手</span><span class="vp-arrow end"></span></button><!----></section></li><li><section class="vp-sidebar-group"><button class="vp-sidebar-header clickable" type="button"><!----><span class="vp-sidebar-title">基础概念</span><span class="vp-arrow end"></span></button><!----></section></li><li><section class="vp-sidebar-group"><button class="vp-sidebar-header clickable" type="button"><!----><span class="vp-sidebar-title">部署与运维</span><span class="vp-arrow end"></span></button><!----></section></li><li><section class="vp-sidebar-group"><button class="vp-sidebar-header clickable active" type="button"><!----><span class="vp-sidebar-title">使用手册</span><span class="vp-arrow down"></span></button><ul class="vp-sidebar-links"><li><a class="route-link nav-link vp-sidebar-link vp-sidebar-page" href="/zh/UserGuide/latest/User-Manual/Syntax-Rule.html" aria-label="语法约定"><!---->语法约定<!----></a></li><li><a class="route-link nav-link vp-sidebar-link vp-sidebar-page" href="/zh/UserGuide/latest/User-Manual/Operate-Metadata.html" aria-label="元数据管理"><!---->元数据管理<!----></a></li><li><a class="route-link nav-link vp-sidebar-link vp-sidebar-page" href="/zh/UserGuide/latest/User-Manual/Write-Delete-Data.html" aria-label="数据增删"><!---->数据增删<!----></a></li><li><a class="route-link nav-link vp-sidebar-link vp-sidebar-page" href="/zh/UserGuide/latest/User-Manual/Query-Data.html" aria-label="数据查询"><!---->数据查询<!----></a></li><li><a class="route-link nav-link vp-sidebar-link vp-sidebar-page" href="/zh/UserGuide/latest/User-Manual/Operator-and-Expression.html" aria-label="运算符和表达式"><!---->运算符和表达式<!----></a></li><li><a class="route-link nav-link vp-sidebar-link vp-sidebar-page" href="/zh/UserGuide/latest/User-Manual/Streaming.html" aria-label="流处理"><!---->流处理<!----></a></li><li><a class="route-link nav-link vp-sidebar-link vp-sidebar-page" href="/zh/UserGuide/latest/User-Manual/Data-Sync.html" aria-label="数据同步"><!---->数据同步<!----></a></li><li><a class="route-link nav-link vp-sidebar-link vp-sidebar-page" href="/zh/UserGuide/latest/User-Manual/Database-Programming.html" aria-label="数据库编程"><!---->数据库编程<!----></a></li><li><a class="route-link nav-link active vp-sidebar-link vp-sidebar-page active" href="/zh/UserGuide/latest/User-Manual/Authority-Management.html" aria-label="权限管理"><!---->权限管理<!----></a></li><li><a class="route-link nav-link vp-sidebar-link vp-sidebar-page" href="/zh/UserGuide/latest/User-Manual/Maintennance.html" aria-label="运维语句"><!---->运维语句<!----></a></li></ul></section></li><li><section class="vp-sidebar-group"><button class="vp-sidebar-header clickable" type="button"><!----><span class="vp-sidebar-title">工具体系</span><span class="vp-arrow end"></span></button><!----></section></li><li><section class="vp-sidebar-group"><button class="vp-sidebar-header clickable" type="button"><!----><span class="vp-sidebar-title">应用编程接口</span><span class="vp-arrow end"></span></button><!----></section></li><li><section class="vp-sidebar-group"><button class="vp-sidebar-header clickable" type="button"><!----><span class="vp-sidebar-title">系统集成</span><span class="vp-arrow end"></span></button><!----></section></li><li><section class="vp-sidebar-group"><button class="vp-sidebar-header clickable" type="button"><!----><span class="vp-sidebar-title">SQL手册</span><span class="vp-arrow end"></span></button><!----></section></li><li><section class="vp-sidebar-group"><button class="vp-sidebar-header clickable" type="button"><!----><span class="vp-sidebar-title">FAQ</span><span class="vp-arrow end"></span></button><!----></section></li><li><section class="vp-sidebar-group"><button class="vp-sidebar-header clickable" type="button"><!----><span class="vp-sidebar-title">参考</span><span class="vp-arrow end"></span></button><!----></section></li></ul><!--[--><!----><!--]--></aside><!--[--><main id="main-content" class="vp-page"><!--[--><!--[--><!----><!--]--><!----><nav class="vp-breadcrumb disable"></nav><div class="vp-page-title"><h1><!---->权限管理</h1><div class="page-info"><!----><!----><span class="page-date-info" aria-label="写作日期"><svg xmlns="http://www.w3.org/2000/svg" class="icon calendar-icon" viewBox="0 0 1024 1024" fill="currentColor" aria-label="calendar icon"><path d="M716.4 110.137c0-18.753-14.72-33.473-33.472-33.473-18.753 0-33.473 14.72-33.473 33.473v33.473h66.993v-33.473zm-334.87 0c0-18.753-14.72-33.473-33.473-33.473s-33.52 14.72-33.52 33.473v33.473h66.993v-33.473zm468.81 33.52H716.4v100.465c0 18.753-14.72 33.473-33.472 33.473a33.145 33.145 0 01-33.473-33.473V143.657H381.53v100.465c0 18.753-14.72 33.473-33.473 33.473a33.145 33.145 0 01-33.473-33.473V143.657H180.6A134.314 134.314 0 0046.66 277.595v535.756A134.314 134.314 0 00180.6 947.289h669.74a134.36 134.36 0 00133.94-133.938V277.595a134.314 134.314 0 00-133.94-133.938zm33.473 267.877H147.126a33.145 33.145 0 01-33.473-33.473c0-18.752 14.72-33.473 33.473-33.473h736.687c18.752 0 33.472 14.72 33.472 33.473a33.145 33.145 0 01-33.472 33.473z"></path></svg><span><!----></span><meta property="datePublished" content="2023-07-10T03:11:17.000Z"></span><span class="page-pageview-info" aria-label="访问量"><svg xmlns="http://www.w3.org/2000/svg" class="icon eye-icon" viewBox="0 0 1024 1024" fill="currentColor" aria-label="eye icon"><path d="M992 512.096c0-5.76-.992-10.592-1.28-11.136-.192-2.88-1.152-8.064-2.08-10.816-.256-.672-.544-1.376-.832-2.08-.48-1.568-1.024-3.104-1.6-4.32C897.664 290.112 707.104 160 512 160c-195.072 0-385.632 130.016-473.76 322.592-1.056 2.112-1.792 4.096-2.272 5.856a55.512 55.512 0 00-.64 1.6c-1.76 5.088-1.792 8.64-1.632 7.744-.832 3.744-1.568 11.168-1.568 11.168-.224 2.272-.224 4.032.032 6.304 0 0 .736 6.464 1.088 7.808.128 1.824.576 4.512 1.12 6.976h-.032c.448 2.08 1.12 4.096 1.984 6.08.48 1.536.992 2.976 1.472 4.032C126.432 733.856 316.992 864 512 864c195.136 0 385.696-130.048 473.216-321.696 1.376-2.496 2.24-4.832 2.848-6.912.256-.608.48-1.184.672-1.728 1.536-4.48 1.856-8.32 1.728-8.32l-.032.032c.608-3.104 1.568-7.744 1.568-13.28zM512 672c-88.224 0-160-71.776-160-160s71.776-160 160-160 160 71.776 160 160-71.776 160-160 160z"></path></svg><span id="ArtalkPV" class="vp-pageview waline-pageview-count" data-path="/zh/UserGuide/latest/User-Manual/Authority-Management.html" data-page-key="/zh/UserGuide/latest/User-Manual/Authority-Management.html">...</span></span><span class="page-reading-time-info" aria-label="阅读时间"><svg xmlns="http://www.w3.org/2000/svg" class="icon timer-icon" viewBox="0 0 1024 1024" fill="currentColor" aria-label="timer icon"><path d="M799.387 122.15c4.402-2.978 7.38-7.897 7.38-13.463v-1.165c0-8.933-7.38-16.312-16.312-16.312H256.33c-8.933 0-16.311 7.38-16.311 16.312v1.165c0 5.825 2.977 10.874 7.637 13.592 4.143 194.44 97.22 354.963 220.201 392.763-122.204 37.542-214.893 196.511-220.2 389.397-4.661 5.049-7.638 11.651-7.638 19.03v5.825h566.49v-5.825c0-7.379-2.849-13.981-7.509-18.9-5.049-193.016-97.867-351.985-220.2-389.527 123.24-37.67 216.446-198.453 220.588-392.892zM531.16 450.445v352.632c117.674 1.553 211.787 40.778 211.787 88.676H304.097c0-48.286 95.149-87.382 213.728-88.676V450.445c-93.077-3.107-167.901-81.297-167.901-177.093 0-8.803 6.99-15.793 15.793-15.793 8.803 0 15.794 6.99 15.794 15.793 0 80.261 63.69 145.635 142.01 145.635s142.011-65.374 142.011-145.635c0-8.803 6.99-15.793 15.794-15.793s15.793 6.99 15.793 15.793c0 95.019-73.789 172.82-165.96 177.093z"></path></svg><span>大约 16 分钟</span><meta property="timeRequired" content="PT16M"></span><!----><!----></div><hr></div><div class="vp-toc-placeholder"><aside id="toc"><!--[--><!----><!--]--><div class="vp-toc-header">此页内容<button type="button" class="print-button" title="打印"><svg xmlns="http://www.w3.org/2000/svg" class="icon print-icon" viewBox="0 0 1024 1024" fill="currentColor" aria-label="print icon"><path d="M819.2 364.8h-44.8V128c0-17.067-14.933-32-32-32H281.6c-17.067 0-32 14.933-32 32v236.8h-44.8C145.067 364.8 96 413.867 96 473.6v192c0 59.733 49.067 108.8 108.8 108.8h44.8V896c0 17.067 14.933 32 32 32h460.8c17.067 0 32-14.933 32-32V774.4h44.8c59.733 0 108.8-49.067 108.8-108.8v-192c0-59.733-49.067-108.8-108.8-108.8zM313.6 160h396.8v204.8H313.6V160zm396.8 704H313.6V620.8h396.8V864zM864 665.6c0 25.6-19.2 44.8-44.8 44.8h-44.8V588.8c0-17.067-14.933-32-32-32H281.6c-17.067 0-32 14.933-32 32v121.6h-44.8c-25.6 0-44.8-19.2-44.8-44.8v-192c0-25.6 19.2-44.8 44.8-44.8h614.4c25.6 0 44.8 19.2 44.8 44.8v192z"></path></svg></button><div class="arrow end"></div></div><div class="vp-toc-wrapper"><ul class="vp-toc-list"><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level2" href="#基本概念">基本概念</a></li><li><ul class="vp-toc-list"><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#用户">用户</a></li><!----><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#权限">权限</a></li><!----><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#角色">角色</a></li><!----><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#默认用户与角色">默认用户与角色</a></li><!----><!--]--></ul></li><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level2" href="#用户定义">用户定义</a></li><li><ul class="vp-toc-list"><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#用户名限制">用户名限制</a></li><!----><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#密码限制">密码限制</a></li><!----><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#角色名限制">角色名限制</a></li><!----><!--]--></ul></li><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level2" href="#权限管理-1">权限管理</a></li><li><ul class="vp-toc-list"><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#序列权限">序列权限</a></li><!----><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#全局权限">全局权限</a></li><!----><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#权限授予与取消">权限授予与取消</a></li><!----><!--]--></ul></li><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level2" href="#鉴权">鉴权</a></li><!----><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level2" href="#功能语法与示例">功能语法与示例</a></li><li><ul class="vp-toc-list"><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#用户与角色相关">用户与角色相关</a></li><!----><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#授权与取消授权">授权与取消授权</a></li><!----><!--]--></ul></li><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level2" href="#示例">示例</a></li><li><ul class="vp-toc-list"><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#创建用户">创建用户</a></li><!----><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#赋予用户权限">赋予用户权限</a></li><!----><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level3" href="#撤销用户权限">撤销用户权限</a></li><!----><!--]--></ul></li><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level2" href="#其他说明">其他说明</a></li><!----><!--]--><!--[--><li class="vp-toc-item"><a class="route-link vp-toc-link level2" href="#升级说明">升级说明</a></li><!----><!--]--></ul><div class="vp-toc-marker" style="top:-1.7rem;"></div></div><!--[--><!----><!--]--></aside></div><!--[--><!----><!--]--><div class="theme-hope-content"><h1 id="权限管理" tabindex="-1"><a class="header-anchor" href="#权限管理"><span>权限管理</span></a></h1><p>IoTDB 为用户提供了权限管理操作,为用户提供对数据与集群系统的权限管理功能,保障数据与系统安全。<br> 本篇介绍IoTDB 中权限模块的基本概念、用户定义、权限管理、鉴权逻辑与功能用例。在 JAVA 编程环境中,您可以使用 <a class="route-link" href="/zh/UserGuide/latest/API/Programming-JDBC.html">JDBC API</a> 单条或批量执行权限管理类语句。</p><h2 id="基本概念" tabindex="-1"><a class="header-anchor" href="#基本概念"><span>基本概念</span></a></h2><h3 id="用户" tabindex="-1"><a class="header-anchor" href="#用户"><span>用户</span></a></h3><p>用户即数据库的合法使用者。一个用户与一个唯一的用户名相对应,并且拥有密码作为身份验证的手段。一个人在使用数据库之前,必须先提供合法的(即存于数据库中的)用户名与密码,作为用户成功登录。</p><h3 id="权限" tabindex="-1"><a class="header-anchor" href="#权限"><span>权限</span></a></h3><p>数据库提供多种操作,但并非所有的用户都能执行所有操作。如果一个用户可以执行某项操作,则称该用户有执行该操作的权限。权限通常需要一个路径来限定其生效范围,可以使用<a class="route-link" href="/zh/UserGuide/latest/Basic-Concept/Data-Model-and-Terminology.html">路径模式</a>灵活管理权限。</p><h3 id="角色" tabindex="-1"><a class="header-anchor" href="#角色"><span>角色</span></a></h3><p>角色是若干权限的集合,并且有一个唯一的角色名作为标识符。角色通常和一个现实身份相对应(例如交通调度员),而一个现实身份可能对应着多个用户。这些具有相同现实身份的用户往往具有相同的一些权限,角色就是为了能对这样的权限进行统一的管理的抽象。</p><h3 id="默认用户与角色" tabindex="-1"><a class="header-anchor" href="#默认用户与角色"><span>默认用户与角色</span></a></h3><p>安装初始化后的 IoTDB 中有一个默认用户:root,默认密码为 root。该用户为管理员用户,固定拥有所有权限,无法被赋予、撤销权限,也无法被删除,数据库内仅有一个管理员用户。</p><p>一个新创建的用户或角色不具备任何权限。</p><h2 id="用户定义" tabindex="-1"><a class="header-anchor" href="#用户定义"><span>用户定义</span></a></h2><p>拥有 MANAGE_USER、MANAGE_ROLE 的用户或者管理员可以创建用户或者角色,需要满足以下约束:</p><h3 id="用户名限制" tabindex="-1"><a class="header-anchor" href="#用户名限制"><span>用户名限制</span></a></h3><p>4~32个字符,支持使用英文大小写字母、数字、特殊字符(<code>!@#$%^&*()_+-=</code>)</p><p>用户无法创建和管理员用户同名的用户。</p><h3 id="密码限制" tabindex="-1"><a class="header-anchor" href="#密码限制"><span>密码限制</span></a></h3><p>4~32个字符,可使用大写小写字母、数字、特殊字符(<code>!@#$%^&*()_+-=</code>),密码默认采用 MD5 进行加密。</p><h3 id="角色名限制" tabindex="-1"><a class="header-anchor" href="#角色名限制"><span>角色名限制</span></a></h3><p>4~32个字符,支持使用英文大小写字母、数字、特殊字符(<code>!@#$%^&*()_+-=</code>)</p><p>用户无法创建和管理员用户同名的角色。</p><h2 id="权限管理-1" tabindex="-1"><a class="header-anchor" href="#权限管理-1"><span>权限管理</span></a></h2><p>IoTDB 主要有两类权限:序列权限、全局权限。</p><h3 id="序列权限" tabindex="-1"><a class="header-anchor" href="#序列权限"><span>序列权限</span></a></h3><p>序列权限约束了用户访问数据的范围与方式,支持对绝对路径与前缀匹配路径授权,可对timeseries 粒度生效。</p><p>下表描述了这类权限的种类与范围:</p><table><thead><tr><th>权限名称</th><th>描述</th></tr></thead><tbody><tr><td>READ_DATA</td><td>允许读取授权路径下的序列数据。</td></tr><tr><td>WRITE_DATA</td><td>允许读取授权路径下的序列数据。<br>允许插入、删除授权路径下的的序列数据。<br>允许在授权路径下导入、加载数据,在导入数据时,需要拥有对应路径的 WRITE_DATA 权限,在自动创建数据库与序列时,需要有 MANAGE_DATABASE 与 WRITE_SCHEMA 权限。</td></tr><tr><td>READ_SCHEMA</td><td>允许获取授权路径下元数据树的详细信息:<br>包括:路径下的数据库、子路径、子节点、设备、序列、模版、视图等。</td></tr><tr><td>WRITE_SCHEMA</td><td>允许获取授权路径下元数据树的详细信息。<br>允许在授权路径下对序列、模版、视图等进行创建、删除、修改操作。<br>在创建或修改 view 的时候,会检查 view 路径的 WRITE_SCHEMA 权限、数据源的 READ_SCHEMA 权限。<br>在对 view 进行查询、插入时,会检查 view 路径的 READ_DATA 权限、WRITE_DATA 权限。<br>允许在授权路径下设置、取消、查看TTL。<br> 允许在授权路径下挂载或者接触挂载模板。</td></tr></tbody></table><h3 id="全局权限" tabindex="-1"><a class="header-anchor" href="#全局权限"><span>全局权限</span></a></h3><p>全局权限约束了用户使用的数据库功能、限制了用户执行改变系统状态与任务状态的命令,用户获得全局授权后,可对数据库进行管理。</p><p>下表描述了系统权限的种类:</p><table><thead><tr><th style="text-align:center;">权限名称</th><th style="text-align:left;">描述</th></tr></thead><tbody><tr><td style="text-align:center;">MANAGE_DATABASE</td><td style="text-align:left;">- 允许用户创建、删除数据库.</td></tr><tr><td style="text-align:center;">MANAGE_USER</td><td style="text-align:left;">- 允许用户创建、删除、修改、查看用户。</td></tr><tr><td style="text-align:center;">MANAGE_ROLE</td><td style="text-align:left;">- 允许用户创建、删除、查看角色。 <br> 允许用户将角色授予给其他用户,或取消其他用户的角色。</td></tr><tr><td style="text-align:center;">USE_TRIGGER</td><td style="text-align:left;">- 允许用户创建、删除、查看触发器。<br>与触发器的数据源权限检查相独立。</td></tr><tr><td style="text-align:center;">USE_UDF</td><td style="text-align:left;">- 允许用户创建、删除、查看用户自定义函数。<br>与自定义函数的数据源权限检查相独立。</td></tr><tr><td style="text-align:center;">USE_CQ</td><td style="text-align:left;">- 允许用户创建、开始、停止、删除、查看管道。<br>允许用户创建、删除、查看管道插件。<br>与管道的数据源权限检查相独立。</td></tr><tr><td style="text-align:center;">EXTEND_TEMPLATE</td><td style="text-align:left;">- 允许自动扩展模板。</td></tr><tr><td style="text-align:center;">MAINTAIN</td><td style="text-align:left;">- 允许用户查询、取消查询。 <br> 允许用户查看变量。 <br> 允许用户查看集群状态。</td></tr><tr><td style="text-align:center;">USE_MODEL</td><td style="text-align:left;">- 允许用户创建、删除、查询深度学习模型</td></tr></tbody></table><p>关于模板权限:</p><ol><li>模板的创建、删除、修改、查询、挂载、卸载仅允许管理员操作。</li><li>激活模板需要拥有激活路径的 WRITE_SCHEMA 权限</li><li>若开启了自动创建,在向挂载了模板的不存在路径写入时,数据库会自动扩展模板并写入数据,因此需要有 EXTEND_TEMPLATE 权限与写入序列的 WRITE_DATA 权限。</li><li>解除模板,需要拥有挂载模板路径的 WRITE_SCHEMA 权限。</li><li>查询使用了某个元数据模板的路径,需要有路径的 READ_SCHEMA 权限,否则将返回为空。</li></ol><h3 id="权限授予与取消" tabindex="-1"><a class="header-anchor" href="#权限授予与取消"><span>权限授予与取消</span></a></h3><p>在 IoTDB 中,用户可以由三种途径获得权限:</p><ol><li>由超级管理员授予,超级管理员可以控制其他用户的权限。</li><li>由允许权限授权的用户授予,该用户获得权限时被指定了 grant option 关键字。</li><li>由超级管理员或者有 MANAGE_ROLE 的用户授予某个角色进而获取权限。</li></ol><p>取消用户的权限,可以由以下几种途径:</p><ol><li>由超级管理员取消用户的权限。</li><li>由允许权限授权的用户取消权限,该用户获得权限时被指定了 grant option 关键字。</li><li>由超级管理员或者MANAGE_ROLE 的用户取消用户的某个角色进而取消权限。</li></ol><ul><li>在授权时,必须指定路径。全局权限需要指定为 root.**, 而序列相关权限必须为绝对路径或者以双通配符结尾的前缀路径。</li><li>当授予角色权限时,可以为该权限指定 with grant option 关键字,意味着用户可以转授其授权路径上的权限,也可以取消其他用户的授权路径上的权限。例如用户 A 在被授予<code>集团1.公司1.**</code>的读权限时制定了 grant option 关键字,那么 A 可以将<code>集团1.公司1</code>以下的任意节点、序列的读权限转授给他人, 同样也可以取消其他用户 <code>集团1.公司1</code> 下任意节点的读权限。</li><li>在取消授权时,取消授权语句会与用户所有的权限路径进行匹配,将匹配到的权限路径进行清理,例如用户A 具有 <code>集团1.公司1.工厂1 </code>的读权限, 在取消 <code>集团1.公司1.** </code>的读权限时,会清除用户A 的 <code>集团1.公司1.工厂1</code> 的读权限。</li></ul><h2 id="鉴权" tabindex="-1"><a class="header-anchor" href="#鉴权"><span>鉴权</span></a></h2><p>用户权限主要由三部分组成:权限生效范围(路径), 权限类型, with grant option 标记:</p><div class="language-text line-numbers-mode" data-ext="text" data-title="text"><pre class="language-text"><code>userTest1 : |
| root.t1.** - read_schema, read_data - with grant option |
| root.** - write_schema, write_data - with grant option |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div><p>每个用户都有一个这样的权限访问列表,标识他们获得的所有权限,可以通过 <code>LIST PRIVILEGES OF USER <username></code> 查看他们的权限。</p><p>在对一个路径进行鉴权时,数据库会进行路径与权限的匹配。例如检查 <code>root.t1.t2</code> 的 read_schema 权限时,首先会与权限访问列表的 <code>root.t1.**</code>进行匹配,匹配成功,则检查该路径是否包含待鉴权的权限,否则继续下一条路径-权限的匹配,直到匹配成功或者匹配结束。</p><p>在进行多路径鉴权时,对于多路径查询任务,数据库只会将有权限的数据呈现出来,无权限的数据不会包含在结果中;对于多路径写入任务,数据库要求必须所有的目标序列都获得了对应的权限,才能进行写入。</p><p>请注意,下面的操作需要检查多重权限</p><ol><li>开启了自动创建序列功能,在用户将数据插入到不存在的序列中时,不仅需要对应序列的写入权限,还需要序列的元数据修改权限。</li><li>执行 select into 语句时,需要检查源序列的读权限与目标序列的写权限。需要注意的是源序列数据可能因为权限不足而仅能获取部分数据,目标序列写入权限不足时会报错终止任务。</li><li>View 权限与数据源的权限是独立的,向 view 执行读写操作仅会检查 view 的权限,而不再对源路径进行权限校验。</li></ol><h2 id="功能语法与示例" tabindex="-1"><a class="header-anchor" href="#功能语法与示例"><span>功能语法与示例</span></a></h2><p>IoTDB 提供了组合权限,方便用户授权:</p><table><thead><tr><th>权限名称</th><th>权限范围</th></tr></thead><tbody><tr><td>ALL</td><td>所有权限</td></tr><tr><td>READ</td><td>READ_SCHEMA、READ_DATA</td></tr><tr><td>WRITE</td><td>WRITE_SCHEMA、WRITE_DATA</td></tr></tbody></table><p>组合权限并不是一种具体的权限,而是一种简写方式,与直接书写对应的权限名称没有差异。</p><p>下面将通过一系列具体的用例展示权限语句的用法,非管理员执行下列语句需要提前获取权限,所需的权限标记在操作描述后。</p><h3 id="用户与角色相关" tabindex="-1"><a class="header-anchor" href="#用户与角色相关"><span>用户与角色相关</span></a></h3><ul><li>创建用户(需 MANAGE_USER 权限)</li></ul><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>CREATE USER <userName> <password> |
| eg: CREATE USER user1 'passwd' |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><ul><li>删除用户 (需 MANEGE_USER 权限)</li></ul><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>DROP USER <userName> |
| eg: DROP USER user1 |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><ul><li>创建角色 (需 MANAGE_ROLE 权限)</li></ul><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>CREATE ROLE <roleName> |
| eg: CREATE ROLE role1 |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><ul><li>删除角色 (需 MANAGE_ROLE 权限)</li></ul><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>DROP ROLE <roleName> |
| eg: DROP ROLE role1 |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><ul><li>赋予用户角色 (需 MANAGE_ROLE 权限)</li></ul><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>GRANT ROLE <ROLENAME> TO <USERNAME> |
| eg: GRANT ROLE admin TO user1 |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><ul><li>移除用户角色 (需 MANAGE_ROLE 权限)</li></ul><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>REVOKE ROLE <ROLENAME> FROM <USER> |
| eg: REVOKE ROLE admin FROM user1 |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><ul><li>列出所有用户 (需 MANEGE_USER 权限)</li></ul><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>LIST USER |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div></div></div><ul><li>列出所有角色 (需 MANAGE_ROLE 权限)</li></ul><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>LIST ROLE |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div></div></div><ul><li>列出指定角色下所有用户 (需 MANEGE_USER 权限)</li></ul><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>LIST USER OF ROLE <roleName> |
| eg: LIST USER OF ROLE roleuser |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><ul><li>列出指定用户下所有角色</li></ul><p>用户可以列出自己的角色,但列出其他用户的角色需要拥有 MANAGE_ROLE 权限。</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>LIST ROLE OF USER <username> |
| eg: LIST ROLE OF USER tempuser |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><ul><li>列出用户所有权限</li></ul><p>用户可以列出自己的权限信息,但列出其他用户的权限需要拥有 MANAGE_USER 权限。</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>LIST PRIVILEGES OF USER <username>; |
| eg: LIST PRIVILEGES OF USER tempuser; |
| |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div><ul><li>列出角色所有权限</li></ul><p>用户可以列出自己具有的角色的权限信息,列出其他角色的权限需要有 MANAGE_ROLE 权限。</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>LIST PRIVILEGES OF ROLE <roleName>; |
| eg: LIST PRIVILEGES OF ROLE actor; |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><ul><li>更新密码</li></ul><p>用户可以更新自己的密码,但更新其他用户密码需要具备MANAGE_USER 权限。</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>ALTER USER <username> SET PASSWORD <password>; |
| eg: ALTER USER tempuser SET PASSWORD 'newpwd'; |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><h3 id="授权与取消授权" tabindex="-1"><a class="header-anchor" href="#授权与取消授权"><span>授权与取消授权</span></a></h3><p>用户使用授权语句对赋予其他用户权限,语法如下:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>GRANT <PRIVILEGES> ON <PATHS> TO ROLE/USER <NAME> [WITH GRANT OPTION]; |
| eg: GRANT READ ON root.** TO ROLE role1; |
| eg: GRANT READ_DATA, WRITE_DATA ON root.t1.** TO USER user1; |
| eg: GRANT READ_DATA, WRITE_DATA ON root.t1.**,root.t2.** TO USER user1; |
| eg: GRANT MANAGE_ROLE ON root.** TO USER user1 WITH GRANT OPTION; |
| eg: GRANT ALL ON root.** TO USER user1 WITH GRANT OPTION; |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div><p>用户使用取消授权语句可以将其他的权限取消,语法如下:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>REVOKE <PRIVILEGES> ON <PATHS> FROM ROLE/USER <NAME>; |
| eg: REVOKE READ ON root.** FROM ROLE role1; |
| eg: REVOKE READ_DATA, WRITE_DATA ON root.t1.** FROM USER user1; |
| eg: REVOKE READ_DATA, WRITE_DATA ON root.t1.**, root.t2.** FROM USER user1; |
| eg: REVOKE MANAGE_ROLE ON root.** FROM USER user1; |
| eg: REVOKE ALL ON ROOT.** FROM USER user1; |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div><ul><li><p><strong>非管理员用户执行授权/取消授权语句时,需要对<PATHS> 有<PRIVILEGES> 权限,并且该权限是被标记带有 WITH GRANT OPTION 的。</strong></p></li><li><p>在授予取消全局权限时,或者语句中包含全局权限时(ALL 展开会包含全局权限),须指定 path 为 root.**。 例如,以下授权/取消授权语句是合法的:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>GRANT MANAGE_USER ON root.** TO USER user1; |
| GRANT MANAGE_ROLE ON root.** TO ROLE role1 WITH GRANT OPTION; |
| GRANT ALL ON root.** TO role role1 WITH GRANT OPTION; |
| REVOKE MANAGE_USER ON root.** FROM USER user1; |
| REVOKE MANAGE_ROLE ON root.** FROM ROLE role1; |
| REVOKE ALL ON root.** FROM ROLE role1; |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div><p>下面的语句是非法的:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>GRANT READ, MANAGE_ROLE ON root.t1.** TO USER user1; |
| GRANT ALL ON root.t1.t2 TO USER user1 WITH GRANT OPTION; |
| REVOKE ALL ON root.t1.t2 FROM USER user1; |
| REVOKE READ, MANAGE_ROLE ON root.t1.t2 FROM ROLE ROLE1; |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div></li><li><p><PATH> 必须为全路径或者以双通配符结尾的匹配路径,以下路径是合法的:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>root.** |
| root.t1.t2.** |
| root.t1.t2.t3 |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div><p>以下的路径是非法的:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>root.t1.* |
| root.t1.**.t2 |
| root.t1*.t2.t3 |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div></li></ul><h2 id="示例" tabindex="-1"><a class="header-anchor" href="#示例"><span>示例</span></a></h2><p>根据本文中描述的 <a href="https://github.com/thulab/iotdb/files/4438687/OtherMaterial-Sample.Data.txt" target="_blank" rel="noopener noreferrer">样例数据<span><svg class="external-link-icon" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><span class="external-link-icon-sr-only">open in new window</span></span></a> 内容,IoTDB 的样例数据可能同时属于 ln, sgcc 等不同发电集团,不同的发电集团不希望其他发电集团获取自己的数据库数据,因此我们需要将不同的数据在集团层进行权限隔离。</p><h3 id="创建用户" tabindex="-1"><a class="header-anchor" href="#创建用户"><span>创建用户</span></a></h3><p>使用 <code>CREATE USER <userName> <password></code> 创建用户。例如,我们可以使用具有所有权限的root用户为 ln 和 sgcc 集团创建两个用户角色,名为 ln_write_user, sgcc_write_user,密码均为 write_pwd。建议使用反引号(`)包裹用户名。SQL 语句为:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>CREATE USER `ln_write_user` 'write_pwd' |
| CREATE USER `sgcc_write_user` 'write_pwd' |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><p>此时使用展示用户的 SQL 语句:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>LIST USER |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div></div></div><p>我们可以看到这两个已经被创建的用户,结果如下:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>IoTDB> CREATE USER `ln_write_user` 'write_pwd' |
| Msg: The statement is executed successfully. |
| IoTDB> CREATE USER `sgcc_write_user` 'write_pwd' |
| Msg: The statement is executed successfully. |
| IoTDB> LIST USER; |
| +---------------+ |
| | user| |
| +---------------+ |
| | ln_write_user| |
| | root| |
| |sgcc_write_user| |
| +---------------+ |
| Total line number = 3 |
| It costs 0.012s |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div><h3 id="赋予用户权限" tabindex="-1"><a class="header-anchor" href="#赋予用户权限"><span>赋予用户权限</span></a></h3><p>此时,虽然两个用户已经创建,但是他们不具有任何权限,因此他们并不能对数据库进行操作,例如我们使用 ln_write_user 用户对数据库中的数据进行写入,SQL 语句为:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>INSERT INTO root.ln.wf01.wt01(timestamp,status) values(1509465600000,true) |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div></div></div><p>此时,系统不允许用户进行此操作,会提示错误:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>IoTDB> INSERT INTO root.ln.wf01.wt01(timestamp,status) values(1509465600000,true) |
| Msg: 803: No permissions for this operation, please add privilege WRITE_DATA on [root.ln.wf01.wt01.status] |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><p>现在,我们用 root 用户分别赋予他们向对应路径的写入权限.</p><p>我们使用 <code>GRANT <PRIVILEGES> ON <PATHS> TO USER <username></code> 语句赋予用户权限,例如:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>GRANT WRITE_DATA ON root.ln.** TO USER `ln_write_user` |
| GRANT WRITE_DATA ON root.sgcc1.**, root.sgcc2.** TO USER `sgcc_write_user` |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><p>执行状态如下所示:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>IoTDB> GRANT WRITE_DATA ON root.ln.** TO USER `ln_write_user` |
| Msg: The statement is executed successfully. |
| IoTDB> GRANT WRITE_DATA ON root.sgcc1.**, root.sgcc2.** TO USER `sgcc_write_user` |
| Msg: The statement is executed successfully. |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div><p>接着使用ln_write_user再尝试写入数据</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>IoTDB> INSERT INTO root.ln.wf01.wt01(timestamp, status) values(1509465600000, true) |
| Msg: The statement is executed successfully. |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><h3 id="撤销用户权限" tabindex="-1"><a class="header-anchor" href="#撤销用户权限"><span>撤销用户权限</span></a></h3><p>授予用户权限后,我们可以使用 <code>REVOKE <PRIVILEGES> ON <PATHS> FROM USER <USERNAME></code>来撤销已经授予用户的权限。例如,用root用户撤销ln_write_user和sgcc_write_user的权限:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>REVOKE WRITE_DATA ON root.ln.** FROM USER `ln_write_user` |
| REVOKE WRITE_DATA ON root.sgcc1.**, root.sgcc2.** FROM USER `sgcc_write_user` |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><p>执行状态如下所示:</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>IoTDB> REVOKE WRITE_DATA ON root.ln.** FROM USER `ln_write_user` |
| Msg: The statement is executed successfully. |
| IoTDB> REVOKE WRITE_DATA ON root.sgcc1.**, root.sgcc2.** FROM USER `sgcc_write_user` |
| Msg: The statement is executed successfully. |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div><p>撤销权限后,ln_write_user就没有向root.ln.**写入数据的权限了。</p><div class="language-SQL line-numbers-mode" data-ext="SQL" data-title="SQL"><pre class="language-SQL"><code>IoTDB> INSERT INTO root.ln.wf01.wt01(timestamp, status) values(1509465600000, true) |
| Msg: 803: No permissions for this operation, please add privilege WRITE_DATA on [root.ln.wf01.wt01.status] |
| </code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div></div></div><h2 id="其他说明" tabindex="-1"><a class="header-anchor" href="#其他说明"><span>其他说明</span></a></h2><p>角色是权限的集合,而权限和角色都是用户的一种属性。即一个角色可以拥有若干权限。一个用户可以拥有若干角色与权限(称为用户自身权限)。</p><p>目前在 IoTDB 中并不存在相互冲突的权限,因此一个用户真正具有的权限是用户自身权限与其所有的角色的权限的并集。即要判定用户是否能执行某一项操作,就要看用户自身权限或用户的角色的所有权限中是否有一条允许了该操作。用户自身权限与其角色权限,他的多个角色的权限之间可能存在相同的权限,但这并不会产生影响。</p><p>需要注意的是:如果一个用户自身有某种权限(对应操作 A),而他的某个角色有相同的权限。那么如果仅从该用户撤销该权限无法达到禁止该用户执行操作 A 的目的,还需要从这个角色中也撤销对应的权限,或者从这个用户将该角色撤销。同样,如果仅从上述角色将权限撤销,也不能禁止该用户执行操作 A。</p><p>同时,对角色的修改会立即反映到所有拥有该角色的用户上,例如对角色增加某种权限将立即使所有拥有该角色的用户都拥有对应权限,删除某种权限也将使对应用户失去该权限(除非用户本身有该权限)。</p><h2 id="升级说明" tabindex="-1"><a class="header-anchor" href="#升级说明"><span>升级说明</span></a></h2><p>在 1.3 版本前,权限类型较多,在这一版实现中,权限类型做了精简,并且添加了对权限路径的约束。</p><p>数据库 1.3 版本的权限路径必须为全路径或者以双通配符结尾的匹配路径,在系统升级时,会自动转换不合法的权限路径和权限类型。<br> 路径上首个非法节点会被替换为<code>**</code>, 不在支持的权限类型也会映射到当前系统支持的权限上。</p><p>例如:</p><table><thead><tr><th>权限类型</th><th>权限路径</th><th>映射之后的权限类型</th><th>权限路径</th></tr></thead><tbody><tr><td>CREATE_DATBASE</td><td>root.db.t1.*</td><td>MANAGE_DATABASE</td><td>root.**</td></tr><tr><td>INSERT_TIMESERIES</td><td>root.db.t2.*.t3</td><td>WRITE_DATA</td><td>root.db.t2.**</td></tr><tr><td>CREATE_TIMESERIES</td><td>root.db.t2*c.t3</td><td>WRITE_SCHEMA</td><td>root.db.**</td></tr><tr><td>LIST_ROLE</td><td>root.**</td><td>(忽略)</td><td></td></tr></tbody></table><p>新旧版本的权限类型对照可以参照下面的表格(--IGNORE 表示新版本忽略该权限):</p><table><thead><tr><th>权限名称</th><th>是否路径相关</th><th>新权限名称</th><th>是否路径相关</th></tr></thead><tbody><tr><td>CREATE_DATABASE</td><td>是</td><td>MANAGE_DATABASE</td><td>否</td></tr><tr><td>INSERT_TIMESERIES</td><td>是</td><td>WRITE_DATA</td><td>是</td></tr><tr><td>UPDATE_TIMESERIES</td><td>是</td><td>WRITE_DATA</td><td>是</td></tr><tr><td>READ_TIMESERIES</td><td>是</td><td>READ_DATA</td><td>是</td></tr><tr><td>CREATE_TIMESERIES</td><td>是</td><td>WRITE_SCHEMA</td><td>是</td></tr><tr><td>DELETE_TIMESERIES</td><td>是</td><td>WRITE_SCHEMA</td><td>是</td></tr><tr><td>CREATE_USER</td><td>否</td><td>MANAGE_USER</td><td>否</td></tr><tr><td>DELETE_USER</td><td>否</td><td>MANAGE_USER</td><td>否</td></tr><tr><td>MODIFY_PASSWORD</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>LIST_USER</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>GRANT_USER_PRIVILEGE</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>REVOKE_USER_PRIVILEGE</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>GRANT_USER_ROLE</td><td>否</td><td>MANAGE_ROLE</td><td>否</td></tr><tr><td>REVOKE_USER_ROLE</td><td>否</td><td>MANAGE_ROLE</td><td>否</td></tr><tr><td>CREATE_ROLE</td><td>否</td><td>MANAGE_ROLE</td><td>否</td></tr><tr><td>DELETE_ROLE</td><td>否</td><td>MANAGE_ROLE</td><td>否</td></tr><tr><td>LIST_ROLE</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>GRANT_ROLE_PRIVILEGE</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>REVOKE_ROLE_PRIVILEGE</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>CREATE_FUNCTION</td><td>否</td><td>USE_UDF</td><td>否</td></tr><tr><td>DROP_FUNCTION</td><td>否</td><td>USE_UDF</td><td>否</td></tr><tr><td>CREATE_TRIGGER</td><td>是</td><td>USE_TRIGGER</td><td>否</td></tr><tr><td>DROP_TRIGGER</td><td>是</td><td>USE_TRIGGER</td><td>否</td></tr><tr><td>START_TRIGGER</td><td>是</td><td>USE_TRIGGER</td><td>否</td></tr><tr><td>STOP_TRIGGER</td><td>是</td><td>USE_TRIGGER</td><td>否</td></tr><tr><td>CREATE_CONTINUOUS_QUERY</td><td>否</td><td>USE_CQ</td><td>否</td></tr><tr><td>DROP_CONTINUOUS_QUERY</td><td>否</td><td>USE_CQ</td><td>否</td></tr><tr><td>ALL</td><td>否</td><td>All privilegs</td><td></td></tr><tr><td>DELETE_DATABASE</td><td>是</td><td>MANAGE_DATABASE</td><td>否</td></tr><tr><td>ALTER_TIMESERIES</td><td>是</td><td>WRITE_SCHEMA</td><td>是</td></tr><tr><td>UPDATE_TEMPLATE</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>READ_TEMPLATE</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>APPLY_TEMPLATE</td><td>是</td><td>WRITE_SCHEMA</td><td>是</td></tr><tr><td>READ_TEMPLATE_APPLICATION</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>SHOW_CONTINUOUS_QUERIES</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>CREATE_PIPEPLUGIN</td><td>否</td><td>USE_PIPE</td><td>否</td></tr><tr><td>DROP_PIPEPLUGINS</td><td>否</td><td>USE_PIPE</td><td>否</td></tr><tr><td>SHOW_PIPEPLUGINS</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>CREATE_PIPE</td><td>否</td><td>USE_PIPE</td><td>否</td></tr><tr><td>START_PIPE</td><td>否</td><td>USE_PIPE</td><td>否</td></tr><tr><td>STOP_PIPE</td><td>否</td><td>USE_PIPE</td><td>否</td></tr><tr><td>DROP_PIPE</td><td>否</td><td>USE_PIPE</td><td>否</td></tr><tr><td>SHOW_PIPES</td><td>否</td><td>-- IGNORE</td><td></td></tr><tr><td>CREATE_VIEW</td><td>是</td><td>WRITE_SCHEMA</td><td>是</td></tr><tr><td>ALTER_VIEW</td><td>是</td><td>WRITE_SCHEMA</td><td>是</td></tr><tr><td>RENAME_VIEW</td><td>是</td><td>WRITE_SCHEMA</td><td>是</td></tr><tr><td>DELETE_VIEW</td><td>是</td><td>WRITE_SCHEMA</td><td>是</td></tr></tbody></table></div><!--[--><!----><!--]--><footer class="vp-page-meta"><div class="vp-meta-item edit-link"><a href="https://github.com/apache/iotdb-docs/edit/main/src/zh/UserGuide/latest/User-Manual/Authority-Management.md" rel="noopener noreferrer" target="_blank" aria-label="发现错误?在 GitHub 上编辑此页" class="nav-link vp-meta-label"><!--[--><svg xmlns="http://www.w3.org/2000/svg" class="icon edit-icon" viewBox="0 0 1024 1024" fill="currentColor" aria-label="edit icon"><path d="M430.818 653.65a60.46 60.46 0 0 1-50.96-93.281l71.69-114.012 7.773-10.365L816.038 80.138A60.46 60.46 0 0 1 859.225 62a60.46 60.46 0 0 1 43.186 18.138l43.186 43.186a60.46 60.46 0 0 1 0 86.373L588.879 565.55l-8.637 8.637-117.466 68.234a60.46 60.46 0 0 1-31.958 11.229z"></path><path d="M728.802 962H252.891A190.883 190.883 0 0 1 62.008 771.98V296.934a190.883 190.883 0 0 1 190.883-192.61h267.754a60.46 60.46 0 0 1 0 120.92H252.891a69.962 69.962 0 0 0-69.098 69.099V771.98a69.962 69.962 0 0 0 69.098 69.098h475.911A69.962 69.962 0 0 0 797.9 771.98V503.363a60.46 60.46 0 1 1 120.922 0V771.98A190.883 190.883 0 0 1 728.802 962z"></path></svg><!--]-->发现错误?在 GitHub 上编辑此页<span><svg class="external-link-icon" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><span class="external-link-icon-sr-only">open in new window</span></span><!----></a></div><div class="vp-meta-item git-info"><div class="update-time"><span class="vp-meta-label">上次编辑于: </span><!----></div><!----></div></footer><nav class="vp-page-nav"><a class="route-link nav-link prev" href="/zh/UserGuide/latest/User-Manual/Database-Programming.html" aria-label="数据库编程"><div class="hint"><span class="arrow start"></span>上一页</div><div class="link"><!---->数据库编程</div></a><a class="route-link nav-link next" href="/zh/UserGuide/latest/User-Manual/Maintennance.html" aria-label="运维语句"><div class="hint">下一页<span class="arrow end"></span></div><div class="link">运维语句<!----></div></a></nav><!----><!--[--><!----><!--]--><!--]--></main><!--]--><footer style="padding-bottom:2rem;"><span id="doc-version" style="display:none;">latest</span><p style="text-align:center;color:#909399;font-size:12px;margin:0 30px;">Copyright © 2024 The Apache Software Foundation.<br> Apache and the Apache feather logo are trademarks of The Apache Software Foundation</p><p style="text-align:center;margin-top:10px;color:#909399;font-size:12px;margin:0 30px;"><strong>Have a question?</strong> Connect with us on QQ, WeChat, or Slack. <a href="https://github.com/apache/iotdb/issues/1995">Join the community</a> now.</p></footer></div><!--]--><!--]--><!--[--><!----><!--]--><!--]--></div> |
| <script type="module" src="/assets/app-DrPcRZG6.js" defer></script> |
| </body> |
| </html> |
