PostgreSQL 数据库管理
首先需要知道Pg的数据库逻辑分层1. Database -> 2. Schema -> 3. Table; Pg 的用户有1.Superuser 2. User Group 3. User
1. 创建用户
create role name (create role 后面可以有很多options,下面举一些例子 )
create role name login (用户可以connect database,default create cannot login; CREATE USER is equivalent to CREATE ROLE WITH LOGIN) create role name with login createdb createrole (用户可以create role and create db ) create role name with login password 'string' alter role name password string
2. 创建Group
(这里我们创建group:test,以及两个role: dev1,dev2)
create role user_group create role dev1 with login create role dev2 with login grant test to dev1 (向test添加成员) -
grant test to dev2 lmy=# du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
dev1 | | {test}
dev2 | | {test}
lmy | Superuser,Create role,Create DB,Replication,Bypass RLS | {}
test | Cannot login | {}
-
revoke test from dev2 (从test移出成员) lmy=# revoke test from dev2;
REVOKE ROLE
lmy=# du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
dev1 | | {test}
dev2 | | {}
lmy | Superuser,Bypass RLS | {}
test | Cannot login
-
Group 的设计就是为了方便权限的管理,所以成员可以继承group的一些权限 属性: superuser createdb createrole login password 是不会被继承的
grant all on schema.table to role grant all on all tables in schema schema to role revoke all on schema.table to role revoke all on all tables in schema schema to role
Database 管理
Pg的database 默认是任意可以login 的role 都可以access,若要进行限制
REVOKE connect ON DATABASE database FROM PUBLIC; (编辑:李大同)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|
