一、概念
1.用户
用户是具有登录权限的角色,默认拥有登录数据库的权限。用户可以执行数据库操作,如查询、插入、更新等。
2.角色
角色是一系列相关权限的集合,可以将角色赋给多个用户,共享相同的权限。
二、实操
--创建只读账户
CREATE USER readonly_user WITH PASSWORD 'your_password';
--授予只读用户访问数据库的权限
GRANT CONNECT ON DATABASE your_database TO readonly_user;
--授予public权限
GRANT USAGE ON SCHEMA public TO readonly_user;
--授予只读权限
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly_user;
--禁止修改权限 撤销 "readonly_user" 在 "public" 模式下所有表的所有权限
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM readonly_user;
CREATE USER readonly_users WITH PASSWORD 'readonly';
GRANT CONNECT ON DATABASE tpm TO readonly_users;
GRANT USAGE ON SCHEMA public TO readonly_users;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly_users;
--给单表新增查询权限
GRANT SELECT ON table_name TO readonly_users;
--查看用户
select *
from pg_user;
--查看特定用户的权限
SELECT rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb, rolcanlogin, rolreplication
FROM pg_roles;
--查看用户的数据库访问权限
SELECT * FROM pg_catalog.pg_roles r
JOIN pg_catalog.pg_auth_members m ON (r.oid = m.roleid)
JOIN pg_catalog.pg_roles mr ON (m.member = mr.oid)
WHERE mr.rolname = 'readonly_users';
--查看用户的表和列权限
SELECT * FROM information_schema.role_table_grants WHERE grantee = 'your_username';
SELECT * FROM information_schema.role_usage_grants WHERE grantee = 'your_username';
SELECT * FROM information_schema.role_column_grants WHERE grantee = 'your_username';