Document Database Service

Allocate user permissions properly to ensure database security

2025-07-28 06:43:55

After you create a DDS instance on the console, the instance comes with a root user for performing database operations by default. The root user has superuser permissions: it can read and write every database and collection (table) in the instance, and it can perform management operations such as creating and deleting them.

If a DDS instance is shared by multiple businesses, it is recommended that you create a separate user for each business according to the databases it accesses and whether it needs read or read/write access. Granting each type of service only the minimum privileges it actually needs avoids the security risks that come with over-privileged users.

Every operation a DDS instance supports is governed by a role that defines the permitted behavior, such as whether the holder can read or write data, and whether it can perform management or monitoring operations. A user can be assigned one or more roles.

Run the following command to create a user named user1 with read-only access to the db1 database:

db.createUser({user:"user1", pwd:"<replace with actual password>", roles:[{role:"read", db:"db1"}]})

After the user is created, logging in as user1 shows only the tables in the db1 database, and only read operations are permitted on them.

To create a user user2 that can read db1 and can both read and write db2, log in as root and run:

db.createUser({user:"user2", pwd:"<replace with actual password>", roles:[{role:"read", db:"db1"}, {role:"readWrite", db:"db2"}]})

After user2 is created and you log in as user2, you can see the tables in both db1 and db2. On db1 you can only read data; on db2 you can create and delete tables as well as read and write their data.
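The two commands above grant per-database roles, and what a user can then do follows from the action sets of those roles. The following Node.js snippet is an added example, not DDS or MongoDB code: it models the built-in "read" and "readWrite" roles (using the collection-level actions MongoDB documents for them, which is assumed to be what DDS honors), builds the same createUser documents as the page for user1 and user2, predicts which operations each user may perform on which database, and flags any role that is not scoped to a single database. Passwords are placeholders.

```javascript
// Added example: a small model of MongoDB's built-in per-database roles,
// used to predict what a user created with db.createUser() may do and to
// audit accounts for roles broader than a single database.

// Action sets follow MongoDB's documented built-in role definitions,
// reduced to the collection-level actions relevant to this page.
const READ_ACTIONS = new Set(["find", "listCollections", "listIndexes"]);
const WRITE_ACTIONS = new Set([
  "insert", "update", "remove",
  "createCollection", "dropCollection", "createIndex", "dropIndex",
]);

// "readWrite" is "read" plus the write actions.
const ROLE_ACTIONS = {
  read: READ_ACTIONS,
  readWrite: new Set([...READ_ACTIONS, ...WRITE_ACTIONS]),
};

// Built-in roles whose scope is the whole instance, not one database.
// Assigning these to an application account is what the page advises against.
const BROAD_ROLES = new Set([
  "root", "readAnyDatabase", "readWriteAnyDatabase",
  "dbAdminAnyDatabase", "userAdminAnyDatabase", "clusterAdmin",
]);

// Build the document passed to db.createUser(), mirroring the page's examples.
// `grants` maps a database name to "read" or "readWrite"; anything else is rejected
// so an over-broad role cannot slip in through this helper.
function buildCreateUserDoc(user, pwd, grants) {
  const roles = Object.entries(grants).map(([db, role]) => {
    if (!Object.prototype.hasOwnProperty.call(ROLE_ACTIONS, role)) {
      throw new Error(`unsupported role for an application user: ${role}`);
    }
    return { role, db };
  });
  return { user, pwd, roles };
}

// Predict whether a user holding `roles` may perform `action` on database `db`.
// Roles are database-scoped, so a role on db1 grants nothing on db2.
function allowed(roles, db, action) {
  return roles.some(
    (r) => r.db === db && ROLE_ACTIONS[r.role] !== undefined && ROLE_ACTIONS[r.role].has(action)
  );
}

// Audit: list the roles in a user document that are not scoped to one database.
function broadRoles(userDoc) {
  return userDoc.roles.filter((r) => BROAD_ROLES.has(r.role)).map((r) => r.role);
}

// Constructed placeholders for the page's two users; the passwords are not real.
const user1 = buildCreateUserDoc("user1", "<password placeholder>", { db1: "read" });
const user2 = buildCreateUserDoc("user2", "<password placeholder>", {
  db1: "read",
  db2: "readWrite",
});

// Summarize what user2 may do, matching the page's description.
function describe(userDoc, db) {
  const can = (a) => allowed(userDoc.roles, db, a);
  return { db, find: can("find"), insert: can("insert"), dropCollection: can("dropCollection") };
}

console.log(JSON.stringify(user2));
console.log(describe(user2, "db1")); // { db: 'db1', find: true, insert: false, dropCollection: false }
console.log(describe(user2, "db2")); // { db: 'db2', find: true, insert: true, dropCollection: true }
console.log("broad roles on user2:", broadRoles(user2)); // []
```

When you run the real command in mongosh, `passwordPrompt()` can be used in place of the quoted password so the secret is not recorded in the shell history.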
