github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/docs/user_docs/user-management/manage_user_accounts.md (about)

     1  ---
     2  title: Manage user accounts
     3  description: How to manage user accounts
     4  keywords: [user account]
     5  sidebar_position: 1
     6  sidebar_label: Manage user accounts
     7  ---
     8  
     9  # Manage user accounts
    10  
    11  KubeBlocks offers a variety of services to enhance the usability, availability, and observability of database clusters. Different components require user accounts with different permissions to create connections.
    12  
    13  ***Steps***
    14  
    15  - Create a user account
    16  
    17    ```bash
    18    kbcli cluster create-account <clustername> --name <username> --password <pwd> 
    19    ```
    20  
    21  - Grant a role to a user
    22  
    23    ```bash
    24    kbcli cluster grant-role <clustername> --name <username> --role <rolename>
    25    ```
    26  
    27    KubeBlocks provides three role levels of permission:
    28  
    29    - Superuser: all permissions.
    30    - ReadWrite: read and write.
    31    - ReadOnly: read only.
    32    
    33    The detailed permissions vary by database engine. Check the table below.
    34  
    35      | Role      | MySQL    | PostgreSQL | Redis  |
    36      | :------   | :------- | :------    | :----- |
    37      | Superuser | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON * TO a user | ALTER USER WITH SUPERUSER | +@ALL allkeys|
    38      | ReadWrite | GRANT SELECT, INSERT, DELETE ON * TO a user | GRANT pg_write_all_data TO a user | -@ALL +@Write +@READ allkeys |
    39      | ReadOnly  | GRANT SELECT, SHOW VIEW ON * TO a user | GRANT pg_read_all_data TO a user | -@ALL +@READ allkeys |
    40  
    41  - Check role level of a user account
    42  
    43    ```bash
    44    kbcli cluster describe-account <clustername> --name <username>
    45    ```
    46  
    47  - Revoke role from a user account
    48  
    49    ```bash
    50    kbcli cluster revoke-role <clustername> --name <username> --role <rolename>
    51    ```
    52  
    53  - List all user accounts
    54  
    55    ```bash
    56    kbcli cluster list-accounts <clustername>
    57    ```
    58  
    59    :::note
    60  
    61    For security reasons, the `list-accounts` command does not show all accounts. High-privilege accounts that meet certain rules, such as operational accounts and superuser accounts, are hidden. Refer to the table below to view the hidden accounts.
    62  
    63    :::
    64  
    65    | Database    | Hidden Accounts                     |
    66    | :---        | :---                                |
    67    | MySQL       | root <br />kb* <br />Localhost = '' |
    68    | PostgreSQL  | Postgres <br />kb*                  |
    69  
    70  - Delete a user account
    71  
    72    ```bash
    73    kbcli cluster delete-account <clustername> --name <username> 
    74    ```
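
The steps above chained into one least-privilege provisioning helper, as an added example that is not part of the KubeBlocks documentation. The function names and the choice to refuse `Superuser` are hypothetical; the helper assumes `describe-account` prints the granted role name and that `delete-account` runs without a confirmation prompt.

```shell
#!/usr/bin/env bash
# Added example: uses only the kbcli subcommands shown on this page.
# gen_password and provision_account are hypothetical helper names.

# 64 hex characters (256 bits) from the kernel CSPRNG.
gen_password() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# provision_account <clustername> <username> <rolename>
# Creates the account, grants exactly one role, then confirms it with
# describe-account. Any failure after creation deletes the account so a
# half-configured login is never left behind. Prints the password on success.
provision_account() {
  local cluster=$1 user=$2 role=$3 secret
  case $role in
    ReadOnly|ReadWrite) ;;   # Superuser is deliberately not grantable here
    *) echo "refusing to grant role '$role'" >&2; return 2 ;;
  esac
  secret=$(gen_password)
  # --password is a command-line argument, so it is visible in the local
  # process list while kbcli runs; call this from a trusted admin host.
  kbcli cluster create-account "$cluster" --name "$user" --password "$secret" \
    >/dev/null || return 1
  # Assumption: describe-account output contains the granted role name.
  if kbcli cluster grant-role "$cluster" --name "$user" --role "$role" >/dev/null &&
     kbcli cluster describe-account "$cluster" --name "$user" | grep -qw "$role"
  then
    printf '%s\n' "$secret"
    return 0
  fi
  echo "role check failed, deleting account '$user'" >&2
  kbcli cluster delete-account "$cluster" --name "$user" >/dev/null
  return 1
}
```

Call it as `provision_account <clustername> <username> ReadOnly` and hand the printed password to your secret store rather than leaving it in shell history or logs.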