1.创建用户:
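-- Create the administrative login role.
-- The unquoted name is folded to lower case, so the role is stored as pgdbadmin.
-- The password has to be a single-quoted string literal: double quotes denote an
-- identifier in PostgreSQL, and the statement does not parse with them.
-- NOTE(review): 'Pgdb_15432' is a sample value published on this page. Replace it
-- with a unique secret before use. A password typed into a statement can end up
-- in client history and, depending on log_statement, in the server log; psql's
-- \password command avoids both.
CREATE USER pgdbAdmin WITH PASSWORD 'Pgdb_15432';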
2.创建数据库:
-- Create the application database and make the admin role its owner.
-- As owner, pgdbAdmin can already alter and drop this database.
CREATE DATABASE pgdb WITH OWNER = pgdbAdmin;
3.创建SCHEMA:
-- Create a schema named after the admin role (stored as pgdbadmin).
-- A schema is created in the database the session is connected to and is owned
-- by the role that runs the statement.
-- NOTE(review): the page shows no reconnect to pgdb after CREATE DATABASE, so
-- confirm the session is on pgdb before running this and the grants that follow.
CREATE SCHEMA pgdbAdmin;
4.赋予数据库管理员用户权限:
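-- Give the admin role full control over the database and over both schemas.
-- Run while connected to pgdb: schema-, table- and sequence-level grants act on
-- the current database only.
GRANT ALL PRIVILEGES ON DATABASE pgdb TO pgdbAdmin;

-- ALL on a schema is USAGE plus CREATE, so a separate USAGE grant adds nothing.
-- NOTE(review): this also lets pgdbAdmin create objects in the shared public
-- schema, which is on the read-only role's search_path. Keep it only if intended.
GRANT ALL ON SCHEMA public, pgdbAdmin TO pgdbAdmin;

-- ALL PRIVILEGES on tables already includes SELECT, INSERT, UPDATE and DELETE,
-- so the narrower grant of those four is not repeated.
-- "ALL TABLES IN SCHEMA" and "ALL SEQUENCES IN SCHEMA" cover only objects that
-- exist when the statement runs; objects created later are not affected.
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public, pgdbAdmin TO pgdbAdmin;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public, pgdbAdmin TO pgdbAdmin;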
5.赋予数据库其他用户权限(只读):
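-- Create the read-only login role (stored as pgdbread).
-- The password is a single-quoted string literal and the statement ends with a
-- semicolon; without the semicolon the ALTER USER below is parsed as part of it.
-- NOTE(review): this is the same sample password the page uses for pgdbAdmin.
-- Give each role its own secret, otherwise anyone holding the read-only
-- credential also holds the admin one.
CREATE USER pgdbRead WITH PASSWORD 'Pgdb_15432';

-- Start every transaction of this role in read-only mode.
-- This is a session default, not an access control: the role can switch it off
-- for its own session. What pgdbRead may actually do is decided by the grants.
ALTER USER pgdbRead SET default_transaction_read_only = on;

-- Allow logging in to pgdb and resolving names in both schemas.
-- The role also holds whatever is granted to PUBLIC. Before PostgreSQL 15 that
-- includes CREATE on schema public unless it was revoked
-- (REVOKE CREATE ON SCHEMA public FROM PUBLIC).
GRANT CONNECT ON DATABASE pgdb TO pgdbRead;
GRANT USAGE ON SCHEMA public, pgdbAdmin TO pgdbRead;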
6.赋予schema下所有表的只读权限
-- Let the read-only role query every table that currently exists in both schemas.
-- Tables created after this statement runs are not covered by it.
GRANT SELECT
    ON ALL TABLES IN SCHEMA public, pgdbAdmin
    TO pgdbRead;
7.修改默认权限,使用户继承该schema下新建表的只读权限:
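-- Make tables created later in these schemas readable by pgdbRead as well.
-- Without FOR ROLE, default privileges apply only to objects created by the role
-- that runs this statement.
ALTER DEFAULT PRIVILEGES IN SCHEMA public, pgdbAdmin
    GRANT SELECT ON TABLES TO pgdbRead;

-- Tables created by the database owner need their own entry, otherwise pgdbRead
-- gets no access to them. Running this requires superuser rights or membership
-- in pgdbAdmin.
-- NOTE(review): assumes pgdbAdmin is the role that creates the tables - confirm.
ALTER DEFAULT PRIVILEGES FOR ROLE pgdbAdmin IN SCHEMA public, pgdbAdmin
    GRANT SELECT ON TABLES TO pgdbRead;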
8.修改默认的SEARCH_PATH:
-- Set the name-resolution order for new sessions of pgdbRead.
-- "$user" stands for a schema named like the session user (pgdbread); the page
-- creates no such schema, so lookups fall through to pgdbAdmin and then public.
-- NOTE(review): public is on the path, so an object created there can be picked
-- up by an unqualified name that pgdbAdmin does not define. Keep CREATE on
-- public restricted to trusted roles.
ALTER ROLE pgdbRead SET search_path TO "$user", pgdbAdmin, public;