1 系统默认角色
postgres=# select rolname from pg_roles;
rolname
postgres
pg_database_owner
pg_read_all_data
pg_write_all_data
pg_monitor
pg_read_all_settings
pg_read_all_stats
pg_stat_scan_tables
pg_read_server_files
pg_write_server_files
pg_execute_server_program
pg_signal_backend
pg_checkpoint
pg_maintain
pg_use_reserved_connections
pg_create_subscription
(16 rows)
2 用户(角色)管理
#创建用户
postgres=# create user zyb with password 'zyb123';
#查看用户
postgres=# \du
List of roles
Role name | Attributes
-----------+------------------------------------------------------------
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS
zyb |
#删除用户
postgres=# drop user zyb;
#授权
添加table授权(SELECT,INSERT,UPDATE,DELETE)
grant SELECT,INSERT,UPDATE,DELETE on test to zyb;
删除table授权
revoke SELECT,INSERT,UPDATE,DELETE on test from zyb;
添加database授权(CREATE,CONNECT,EMPORARY,TEMP )
GRANT CREATE,CONNECT,EMPORARY,TEMP ON DATABASE mydb TO zyb;
删除
revoke CREATE,CONNECT,EMPORARY,TEMP ON DATABASE mydb from zyb
更多帮助信息查看命令: mydb=# \h grant
3 pg_hba.conf
TYPE DATABASE USER ADDRESS METHOD
"local" is for Unix domain socket connections only
local all all trust
#本地登录不需要密码,如psql -U postgres
IPv4 local connections:
host all all 127.0.0.1/32 trust
#本地登录不需要密码,如psql -h 127.0.0.1 -U postgres
IPv6 local connections:
host all all ::1/128 trust
Allow replication connections from localhost, by a user with the
replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
#TYPE
local 本地
host 远程
#ADDRESS
192.168.254.110 单个ip
192.168.254.0/24 ip段
0.0.0.0/0 所有ip都可以登录
#METHOD 常用加密方法
md5,scram-sha-256