postgresql|数据库|只读用户的创建和删除(备忘)

bash 复制代码
CREATE USER read_only WITH PASSWORD '密码'
-- 连接到xxx数据库
\c xxx
-- 授予对xxx数据库的只读权限
GRANT CONNECT ON DATABASE xxx TO read_only;
GRANT USAGE ON SCHEMA public TO read_only;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO read_only;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO readonly_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only;
ALTER DEFAULT PRIVILEGES FOR USER read_only GRANT SELECT, USAGE ON SEQUENCES TO read_only;
ALTER DEFAULT PRIVILEGES FOR USER read_only GRANT  EXECUTE ON FUNCTIONS TO read_only;

                        


-- 连接到xxxdata数据库
\c xxxdata
-- 授予对xxxdata数据库的只读权限
GRANT CONNECT ON DATABASE xxxdata TO read_only;
GRANT USAGE ON SCHEMA public TO read_only;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO read_only;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO readonly_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only;
ALTER DEFAULT PRIVILEGES FOR USER read_only GRANT SELECT, USAGE ON SEQUENCES TO read_only;
ALTER DEFAULT PRIVILEGES FOR USER read_only GRANT  EXECUTE ON FUNCTIONS TO read_only;

说明:GRANT CONNECT ON DATABASE xxx TO read_only; 这里是显式的指定连接哪个数据库,read_only 是用户名称

GRANT SELECT ON ALL TABLES IN SCHEMA public TO read_only; public是默认的模式,如果不是,需要显式的指定哪个模式

ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only; 是让后续在此模式创建的对象仍然有查询权限

删除read_only 用户

首先,直接删除必定失败,如果目前这个模式下有表的情况下

bash 复制代码
DROP user read_only

报错提示如下:

bash 复制代码
DROP user read_only
> ERROR:  role "read_only" cannot be dropped because some objects depend on it
DETAIL:  privileges for schema public
privileges for database test
privileges for table teachers
privileges for table courses
privileges for default privileges on new relations belonging to role postgres in schema public

根据报错提示逐条解决依赖问题就可以彻底删除此用户了,SQL如下:

bash 复制代码
REVOKE ALL PRIVILEGES on DATABASE test FROM read_only
REVOKE ALL PRIVILEGES on SCHEMA "public" FROM read_only
REVOKE ALL PRIVILEGES ON ALL tables IN SCHEMA "public" FROM read_only
ALTER DEFAULT PRIVILEGES in SCHEMA PUBLIC REVOKE SELECT ON tables FROM read_only

删除用户其实主要就是根据日志来删除,哪留的有关联权限,删除掉就可以了,没什么好说的

相关推荐
召摇17 分钟前
Redis与PostgreSQL缓存性能终极对决:7千次/秒真的够用吗?
redis·postgresql·面试
pccai-vip17 分钟前
系分论文《论非关系型数据库(NoSQL)在社交媒体内容管理系统中的应用》
数据库·nosql·媒体
谱写秋天21 分钟前
软考-系统架构设计师 NoSQL数据库详细讲解
数据库·系统架构·软考架构师
观望过往24 分钟前
非关系型数据库(NoSQL):特性、类型与应用指南
数据库·nosql
阿巴~阿巴~1 小时前
MySQL复合查询(重点)
服务器·数据库·sql·mysql·ubuntu
帧栈1 小时前
开发避坑指南(61):Redis持久化失败:RDB快照因磁盘问题无法保存解决方案
数据库·redis·缓存
瀚高PG实验室2 小时前
Navicat导入Excel至瀚高数据库
数据库·excel·瀚高数据库
dreams_dream2 小时前
Django 数据库迁移命令
数据库·python·django
gsfl3 小时前
redis单线程模型
数据库·redis·缓存
jingfeng5143 小时前
I/O 多路转接select、poll
linux·数据库·sql