postgres:如何创建具有插入和更新访问权限的角色
postgres: how to create role with insert and update access
我有一个用户 db_owner,他是我的数据库的所有者,名为 'Sales'。
现在我必须创建两个组(sales_ro 和 sales_riu)然后我将用户添加到这个组。
sales_ro 组应该继承(从 db_owner)对表的读取访问权和对 Sales db
中函数的执行权
sales_riu 组应该继承(从 db_owner)对表的插入和更新访问以及对 Sales 数据库中函数的执行。
我们可以在 Postgres 中创建这样的两个组吗?
您无需创建群组即可实现此目的。您可以只创建角色并将它们分配给您想要的用户。例如:
CREATE ROLE sales_ro;
CREATE ROLE sales_riu;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO sales_ro;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO sales_ro;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO sales_ro;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO sales_ro;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT,INSERT,UPDATE ON TABLES TO sales_riu;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO sales_riu;
之后只需将角色授予预期用户:
GRANT sales_ro TO your_user_1;
GRANT sales_riu TO your_user_2;
请参阅link 1 and link 2以分别了解有关ALTER DEFAULT PRIVILEGES和CREATE ROLE的更多信息。
从上面的链接中引用以下几点:
CREATE ROLE adds a new role to a PostgreSQL database cluster. A role
is an entity that can own database objects and have database
privileges; a role can be considered a “user”, a “group”, or both
depending on how it is used.
A role having the LOGIN attribute can be thought of as a user. Roles
without this attribute are useful for managing database privileges
我有一个用户 db_owner,他是我的数据库的所有者,名为 'Sales'。
现在我必须创建两个组(sales_ro 和 sales_riu)然后我将用户添加到这个组。
sales_ro 组应该继承(从 db_owner)对表的读取访问权和对 Sales db
sales_riu 组应该继承(从 db_owner)对表的插入和更新访问以及对 Sales 数据库中函数的执行。
我们可以在 Postgres 中创建这样的两个组吗?
您无需创建群组即可实现此目的。您可以只创建角色并将它们分配给您想要的用户。例如:
CREATE ROLE sales_ro;
CREATE ROLE sales_riu;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO sales_ro;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO sales_ro;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO sales_ro;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO sales_ro;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT,INSERT,UPDATE ON TABLES TO sales_riu;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO sales_riu;
之后只需将角色授予预期用户:
GRANT sales_ro TO your_user_1;
GRANT sales_riu TO your_user_2;
请参阅link 1 and link 2以分别了解有关ALTER DEFAULT PRIVILEGES和CREATE ROLE的更多信息。
从上面的链接中引用以下几点:
CREATE ROLE adds a new role to a PostgreSQL database cluster. A role is an entity that can own database objects and have database privileges; a role can be considered a “user”, a “group”, or both depending on how it is used.
A role having the LOGIN attribute can be thought of as a user. Roles without this attribute are useful for managing database privileges