In DWS, services can be isolated by databases and schemas. Databases share little resources and cannot directly access each other. Connections to and permissions on them are also isolated. Schemas share more resources than databases do. User permissions on schemas and subordinate objects can be controlled using the GRANT and REVOKE syntax.
- You are advised to use schemas to isolate services for convenience and resource sharing.
- It is recommended that system administrators create schemas and databases and then assign required permissions to users.
- [Proposal] Create databases as required by your business. Do not use the default postgres database of a cluster.
- [Proposal] Create a maximum of three user-defined databases in a cluster.
- [Proposal] To make your database compatible with most characters, you are advised to use the UTF-8 encoding when creating a database.
- [Notice] When you create a database, exercise caution when you set ENCODING and DBCOMPATIBILITY configuration items. DBCOMPATIBILITY can be set to TD or Oracle to be compatible with Teradata or Oracle syntax, respectively. Syntax behavior in the two modes is different.
- [Notice] By default, a database owner has all permissions for all objects in the database, including the deletion permission. Exercise caution when using the deletion permission.
- [Notice] To let a user access an object in a schema, assign the usage permission and the permissions for the object to the user, unless the user has the sysadmin permission or is the schema owner.
- [Notice] To let a user create an object in the schema, grant the create permission for the schema to the user.
- [Notice] By default, a schema owner has all permissions for all objects in the schema, including the deletion permission. Exercise caution when using the deletion permission.