postgresql|数据库|只读用户的创建和删除(备忘)

bash 复制代码
CREATE USER read_only WITH PASSWORD '密码'
-- 连接到xxx数据库
\c xxx
-- 授予对xxx数据库的只读权限
GRANT CONNECT ON DATABASE xxx TO read_only;
GRANT USAGE ON SCHEMA public TO read_only;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO read_only;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO readonly_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only;
ALTER DEFAULT PRIVILEGES FOR USER read_only GRANT SELECT, USAGE ON SEQUENCES TO read_only;
ALTER DEFAULT PRIVILEGES FOR USER read_only GRANT  EXECUTE ON FUNCTIONS TO read_only;

                        


-- 连接到xxxdata数据库
\c xxxdata
-- 授予对xxxdata数据库的只读权限
GRANT CONNECT ON DATABASE xxxdata TO read_only;
GRANT USAGE ON SCHEMA public TO read_only;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO read_only;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO readonly_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only;
ALTER DEFAULT PRIVILEGES FOR USER read_only GRANT SELECT, USAGE ON SEQUENCES TO read_only;
ALTER DEFAULT PRIVILEGES FOR USER read_only GRANT  EXECUTE ON FUNCTIONS TO read_only;

说明:GRANT CONNECT ON DATABASE xxx TO read_only; 这里是显式的指定连接哪个数据库,read_only 是用户名称

GRANT SELECT ON ALL TABLES IN SCHEMA public TO read_only; public是默认的模式,如果不是,需要显式的指定哪个模式

ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only; 是让后续在此模式创建的对象仍然有查询权限

删除read_only 用户

首先,直接删除必定失败,如果目前这个模式下有表的情况下

bash 复制代码
DROP user read_only

报错提示如下:

bash 复制代码
DROP user read_only
> ERROR:  role "read_only" cannot be dropped because some objects depend on it
DETAIL:  privileges for schema public
privileges for database test
privileges for table teachers
privileges for table courses
privileges for default privileges on new relations belonging to role postgres in schema public

根据报错提示逐条解决依赖问题就可以彻底删除此用户了,SQL如下:

bash 复制代码
REVOKE ALL PRIVILEGES on DATABASE test FROM read_only
REVOKE ALL PRIVILEGES on SCHEMA "public" FROM read_only
REVOKE ALL PRIVILEGES ON ALL tables IN SCHEMA "public" FROM read_only
ALTER DEFAULT PRIVILEGES in SCHEMA PUBLIC REVOKE SELECT ON tables FROM read_only

删除用户其实主要就是根据日志来删除,哪留的有关联权限,删除掉就可以了,没什么好说的

相关推荐
Liu1bo9 分钟前
【MySQL】表的约束
linux·数据库·mysql
胖胖的战士24 分钟前
Mysql 数据库迁移
数据库·mysql
czhc114007566341 分钟前
LINUX1012 mysql GLIBC安装
数据库·mysql
DemonAvenger1 小时前
深入 Redis Hash:从原理到实战,10 年经验的后端工程师带你玩转哈希结构
数据库·redis·性能优化
❥ღ Komo·1 小时前
PHP数据库操作全攻略
数据库·oracle
程序新视界2 小时前
MySQL的整体架构及功能详解
数据库·后端·mysql
ANYOLY2 小时前
MySQL索引指南
数据库·mysql
怪兽20143 小时前
Redis过期键的删除策略有哪些?
java·数据库·redis·缓存·面试
骑士雄师4 小时前
使用 IntelliJ IDEA 结合 DBeaver 连接 MySQL 数据库并实现数据增删查改的详细步骤:
数据库·mysql·intellij-idea
呼哧呼哧.9 小时前
Spring的核心思想与注解
数据库·sql·spring