ETCD permission control

There are two concepts: the user and the role. A user can be bound to multiple roles, and each role holds multiple sets of permission rules. The permission types are read, write, and readwrite.
One way to picture it (a role contains multiple path/permission pairs):

    role1
        /x/a    read
        /x/b    write
        ...
    role2
        /x/c    write
    role3
        /x/*    readwrite

A user can be bound to any of these roles. Once bound, the user has the listed permissions on the listed paths.
By default, ETCD (3.4.0) runs in "god mode": every client can do everything, and there are no users and no roles (not even root).
Create the root user (this one is special: after creation, the root user is automatically attached to the root role):

    etcdctl user add root
Create a non-root user (no role by default, so no permissions):

    etcdctl user add usersongzijian

Get the user list:

    etcdctl user list

Create a role:

    etcdctl role add rolesongzijian

Get the role list:

    etcdctl role list

Add permissions to the role:

    etcdctl role grant-permission rolesongzijian readwrite /x
    etcdctl role grant-permission rolesongzijian read /x/*

View the permissions of a role:

    etcdctl role get rolesongzijian

Add the user to the role:

    etcdctl user grant-role usersongzijian rolesongzijian

Enable authentication (after this, many sensitive operations must be run with the global user and password options):

    etcdctl auth enable
For example, write an arbitrary piece of data:

    etcdctl --user="root" --password="123456" put k 'v'

From here you can set up some permissions yourself and test how they behave. No examples are given here.

Disable authentication:

    etcdctl --user="root" --password="123456" auth disable
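To make the user, role and permission model above concrete, here is an added example (not from the original page and not etcd's own code): a simplified Python model of how a request is checked once authentication is enabled. It assumes etcd v3 semantics, where the key given to grant-permission is one literal key unless the --prefix option is used, so the `/x/*` grant above covers only the key named `/x/*`. The class and function names are hypothetical; the user and role names come from the page.

```python
# Added example: simplified model of etcd v3 permission checks (assumed semantics).
def prefix_range_end(prefix: bytes) -> bytes:
    """Smallest key greater than every key that starts with `prefix`."""
    end = bytearray(prefix)
    for i in reversed(range(len(end))):
        if end[i] < 0xFF:
            end[i] += 1
            return bytes(end[: i + 1])
    return b"\x00"  # no upper bound: the range runs to the end of the keyspace

class Auth:
    def __init__(self):
        self.enabled = False
        self.roles = {}  # role name -> [(perm, key, range_end or None)]
        self.users = {}  # user name -> set of role names

    def grant_permission(self, role, perm, key, prefix=False):
        k = key.encode()
        end = prefix_range_end(k) if prefix else None  # None: one literal key
        self.roles.setdefault(role, []).append((perm, k, end))

    def grant_role(self, user, role):
        self.users.setdefault(user, set()).add(role)

    def check(self, user, op, key):
        """op is "read" or "write"; returns True if the request is allowed."""
        if not self.enabled:
            return True  # auth disabled: every client may do anything
        roles = self.users.get(user, set())
        if "root" in roles:
            return True  # the root role has full access
        k = key.encode()
        for role in roles:
            for perm, start, end in self.roles.get(role, []):
                if perm in (op, "readwrite") and (
                    k == start if end is None  # literal key grant
                    else start <= k and (end == b"\x00" or k < end)  # range grant
                ):
                    return True
        return False

def page_setup():
    """State after the commands above, with authentication enabled."""
    auth = Auth()
    auth.grant_role("root", "root")
    auth.grant_permission("rolesongzijian", "readwrite", "/x")
    auth.grant_permission("rolesongzijian", "read", "/x/*")
    auth.grant_role("usersongzijian", "rolesongzijian")
    auth.enabled = True
    return auth
```

With this setup `check("usersongzijian", "read", "/x/a")` is denied. Granting read on `/x/` with `prefix=True` (the model's counterpart of `--prefix=true`) allows reads of every key under `/x/` while writes there stay denied.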