SELECT、UPDATE、INSERT和DELETE权限,并使这些授权适用于指定数据库中的所有表。在Postgres中,我可能遗漏了一些东西,因为看起来我必须逐个表授予这些权限。对于每个数据库和每个数据库中的数百张表而言,这似乎是一个艰巨的任务,难以启动。此外,一旦数据库投入运行,添加表的频率足够高,以至于我不想每次都授予权限,除非绝对必要。REVOKE CONNECT ON DATABASE your_database FROM PUBLIC;
GRANT CONNECT
ON DATABASE database_name
TO user_name;
REVOKE是必要的因为
关键字PUBLIC表示权限将授予所有角色,包括以后可能创建的角色。PUBLIC可以被视为一个隐式定义的组,始终包括所有角色。任何特定角色将直接被授予的权限总和,当前成员角色被授予的权限以及PUBLIC被授予的权限。
如果您真的想限制用户只能执行DML语句,那么还有一些工作要做:
REVOKE ALL
ON ALL TABLES IN SCHEMA public
FROM PUBLIC;
GRANT SELECT, INSERT, UPDATE, DELETE
ON ALL TABLES IN SCHEMA public
TO user_name;
ALTER DEFAULT PRIVILEGES
FOR ROLE some_role -- Alternatively "FOR USER"
IN SCHEMA public
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user_name;
some_role是创建表的角色,而user_name则是获得权限的人。定义这个时,你必须以some_role或其成员身份登录。USAGE权限。grant all privileges on database dbname to dbuser;
其中dbname是您的数据库名称,dbuser是用户的名称。
CREATE, CONNECT, TEMPORARY。对表没有任何权限。 - dezsoGRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO dbuser;。 - Dolan AntenucciGRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO dbuser; - PaoloGRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA <schema_name> TO <username>;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA <schema_name> TO <username>;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT SELECT, INSERT, UPDATE, DELETE ON tables TO user_name;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT SELECT, USAGE ON sequences TO user_name;
--Create User
CREATE USER my_user_test WITH LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT NOREPLICATION CONNECTION LIMIT -1 PASSWORD 'xxxxxxx';
-- Grant connect to my data base
GRANT CONNECT ON DATABASE my_db_test TO my_user_test;
-- Grant usage the schema
GRANT USAGE ON SCHEMA my_sch_test TO my_user_test ;
-- Grant all table for SELECT, INSERT, UPDATE, DELETE
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA my_sch_test TO my_user_test;
FOR some_role是我之前在后续创建的表中遗漏的关键部分。但是我并不需要以some_role的身份登录,如果我以默认管理员postgres用户执行查询,它也能正常工作。 - JustAMartin