下述为用户权限管理语句的语法：

    GRANT privilege_type_list ON privilege_level TO user_option_list [WITH GRANT OPTION];
revoke_stmt:
    REVOKE privilege_type_list ON privilege_level FROM user_name_list;
show_grants_stmt:
    SHOW GRANTS [FOR user_name];
privilege_type_list:
    {ALL [PRIVILEGES] | privilege_type [, privilege_type ...]}
privilege_type:
      ALTER
    | CREATE
    | CREATE USER
    | CREATE VIEW
    | DELETE
    | DROP
    | GRANT OPTION
    | INDEX
    | INSERT
    | PROCESS
    | SHOW DATABASES
    | SHOW VIEW
    | UPDATE
    | USAGE
privilege_level:
      *
    | *.*
    | database_name.*
    | database_name.table_name
    | table_name
user_option_list:
    user_option [, user_option ...]
user_option:
    user_name [IDENTIFIED BY 'password']
password:
    STR_VALUE
user_name_list:
    user_name [, user_name ...]

下述为用户管理语法树：

create_user_stmt:
    CREATE USER [IF NOT EXISTS] user_name [IDENTIFIED BY "password"];
      ALTER USER user_name ACCOUNT {LOCK | UNLOCK};
    | SET PASSWORD [FOR user_name] = PASSWORD("password");
drop_user_stmt:
    DROP USER user_name_list [cascade];
user_name_list:
    user_name [, user_name ...]
password:
    STR_VALUE

ob_tcp_invited_nodes 参数是租户全局的白名单限制参数。运行下述语句查看该参数以确认白名单：

obclient> show variables like 'ob_tcp_invited_nodes';
+----------------------+-------+
| Variable_name        | Value |
+----------------------+-------+
| ob_tcp_invited_nodes | %     |
+----------------------+-------+

Lock 用户操作：

obclient>  ALTER USER demo ACCOUNT LOCK ;
Query OK, 0 rows affected (0.02 sec)
obclient -udemo@demo0_111 -P2881 -h11.166.87.1   -pttt
obclient: [Warning] Using a password on the command line interface can be insecure.
ERROR 5039 (01007): User locked

权限授予操作：

obclient>  grant SELECT  on demo.*  TO demo;

权限摘除操作：

obclient> revoke  SELECT  on demo.*  from demo;
Query OK, 0 rows affected (0.03 sec)
obclient -udemo@demo0_111 -P2881 -h11.166.87.1   -pttt
ERROR 1044 (42000): Access denied for user 'DEMO'@'%' to database 'DEMO'