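Can the OceanBase database whitelist be controlled at the user level?

Currently the whitelist is set at the tenant level. I want a certain user under the tenant not to be subject to the whitelist. How can I do this?

1 like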

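OB sets the whitelist at the tenant level and does not support user-level whitelist settings.

If you want finer-grained access control, such as different permissions for different users, we recommend using OceanBase's role management and privilege control features. These features let you define the operations a user can perform, but they are different from the IP whitelist mechanism.

2 likes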

So we can't put @IP after the user name like in MySQL anymore?

1 like

I would like to control this with a trigger at user logon, like Oracle's database-level trigger `before logon on database`. Does OB have a similar mechanism?

1 like

MySQL mode does not support logon triggers like this.

1 like

User-level whitelists are still supported at present.

1. On host 160, connect to the database and create a test user (test@'192.168.56.131')
[root@oceanbase ~]# obclient -h192.168.56.160 -P2881 -uroot@mysql -p'welcome123#' -Doceanbase -A
Welcome to the OceanBase. Commands end with ; or \g.
Your OceanBase connection id is 3221487643
Server version: OceanBase_CE 4.3.2.0 (r100000092024072912-7f239820d2067e8d0983ce6d0f13b5e0491571e3) (Built Jul 29 2024 22:56:28)

Copyright (c) 2000, 2018, OceanBase and/or its affiliates. All rights reserved.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

obclient [oceanbase]>
obclient [oceanbase]> create user test@'192.168.56.131' identified by 'welcome1';
Query OK, 0 rows affected (0.021 sec)

obclient [oceanbase]> grant all on *.* to test@'192.168.56.131';
Query OK, 0 rows affected (0.021 sec)

obclient [oceanbase]> select user_name, host from __all_user;
+-----------+----------------+
| user_name | host           |
+-----------+----------------+
| root      | %              |
| mm        | %              |
| test      | 192.168.56.131 |
+-----------+----------------+
3 rows in set (0.000 sec)

obclient [oceanbase]> exit
Bye

2. On host 160, test whether the new user can connect to the database
[root@oceanbase ~]# obclient -h192.168.56.160 -P2881 -utest@mysql -p'welcome1' -Doceanbase -A
ERROR 1045 (42000): Access denied for user 'test'@'xxx.xxx.xxx.xxx' (using password: YES)
[root@oceanbase ~]#

3. On host 131, test whether the new user can connect to the database
[root@mysqldb01 opt]# obclient -h192.168.56.160 -P2881 -utest@mysql -p'welcome1' -Doceanbase -A
Welcome to the OceanBase. Commands end with ; or \g.
Your OceanBase connection id is 3221487647
Server version: OceanBase_CE 4.3.2.0 (r100000092024072912-7f239820d2067e8d0983ce6d0f13b5e0491571e3) (Built Jul 29 2024 22:56:28)

Copyright (c) 2000, 2018, OceanBase and/or its affiliates. All rights reserved.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

test@192.168.56.160 [oceanbase]>
test@192.168.56.160 [oceanbase]>
test@192.168.56.160 [oceanbase]>exit
Bye
[root@mysqldb01 opt]#

3 likes
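
An added example, not from the posts in this thread: it combines the tenant-level whitelist with the per-account host restriction shown in the walkthrough above, then audits for accounts that are still open to any whitelisted address. The account names `app_rw` and `report_ro`, the schema `appdb`, the passwords and the whitelist value are assumptions for illustration; `ob_tcp_invited_nodes` is the tenant system variable that holds the whitelist.

```sql
-- Added example; app_rw, report_ro, appdb and the passwords are illustrative placeholders.
-- Run as an administrator of a MySQL-mode tenant.

-- Layer 1: tenant-level whitelist. A client address must match this list
-- in addition to matching the host part of the account it logs in with.
SHOW VARIABLES LIKE 'ob_tcp_invited_nodes';
-- Keep the address you administer from in the list, or your next login is refused.
SET GLOBAL ob_tcp_invited_nodes = '127.0.0.1,192.168.56.%';

-- Layer 2: per-account host. Each account is usable only from its own host,
-- and each gets only the privileges it needs rather than ALL on *.*.
CREATE USER 'app_rw'@'192.168.56.131' IDENTIFIED BY '<strong-password-1>';
CREATE USER 'report_ro'@'192.168.56.160' IDENTIFIED BY '<strong-password-2>';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_rw'@'192.168.56.131';
GRANT SELECT ON appdb.* TO 'report_ro'@'192.168.56.160';

-- Audit: accounts whose host is still '%', i.e. limited only by the tenant whitelist.
SELECT user_name, host
FROM oceanbase.__all_user
WHERE host = '%';

-- Confirm the privileges attached to a restricted account.
SHOW GRANTS FOR 'app_rw'@'192.168.56.131';
```

The per-account host only narrows access within the tenant whitelist; an address excluded by `ob_tcp_invited_nodes` is not let in by an account's host setting.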

It is supported.

Take a look at this:

Identity authentication

https://www.oceanbase.com/docs/common-oceanbase-database-cn-1000000001050564

1 like