Database User Privilege Management (Part 1)
阿新 • Published: 2019-02-20
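A user's privileges fall into two broad categories.
The first category is specified when the user is created:
Login (login) [note: a user has the login privilege by default, a role does not]
Creating users and roles (createuser/role)
Privilege inheritance (inherit)
Creating databases (createdb)
Superuser (superuser)
and so on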
Example:
highgo=# create role trole with createrole inherit;
CREATE ROLE
highgo=# \c highgo trole;
????: 28000: ?????"trole" ????
Previous connection kept
highgo=# alter user trole with login;
ALTER ROLE
highgo=# \c highgo trole;
PSQL: Release 4.1.1
Connected to: HighGo Database V4.1 Enterprise Edition Release 4.1.1 - 64-bit Production
You are now connected to database "highgo" as user "trole".
highgo=>
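The second category is managed with grant and revoke:
Creating temporary tables, schemas, ordinary tables, functions and so on in a database
Inserting, deleting, updating and querying data in a database
Querying, using and updating sequences
Granting one user's privileges to another user
......
To grant operation privileges on a database's logical objects to a user/role, use the following format: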
GRANT privileges ON database_obj TO user_name;
Example:
grant select,insert on table test to test;
highgo=> \c highgo test
PSQL: Release 4.1.1
Connected to: HighGo Database V4.1 Enterprise Edition Release 4.1.1 - 64-bit Production
You are now connected to database "highgo" as user "test".
highgo=> select * from test limit 6;
錯誤: 42501: 對關係 test 許可權不夠
highgo=> \c highgo highgo
PSQL: Release 4.1.1
Connected to: HighGo Database V4.1 Enterprise Edition Release 4.1.1 - 64-bit Production
You are now connected to database "highgo" as user "highgo".
highgo=# grant select,insert on table test to test;
GRANT
highgo=# \c highgo test;
PSQL: Release 4.1.1
Connected to: HighGo Database V4.1 Enterprise Edition Release 4.1.1 - 64-bit Production
You are now connected to database "highgo" as user "test".
highgo=> select * from test limit 6;
 id | name  | profession
----+-------+------------
  1 | TOM   | accounting
  1 | JERRY | accounting
  2 | JERRY | accounting
  2 | JUGG  | Business
 10 | 瀚高  | 基礎軟體
 11 | 瀚高  | 基礎軟體
(6 rows)
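The following is an added example, not part of the original post: a least-privilege review that sets up and then audits both privilege categories described above. It assumes the PostgreSQL-compatible catalogs pg_roles, has_table_privilege() and information_schema.role_table_grants are available in HighGo Database; the roles report_ro and alice are hypothetical, while trole, test and the table test come from the sessions above.

```sql
-- Added example. Assumes PostgreSQL-compatible catalogs; run as a superuser.
-- report_ro and alice are hypothetical names used only for illustration.

-- Category 1: attributes set at CREATE/ALTER time.
-- A group role that cannot log in and holds no administrative attribute.
CREATE ROLE report_ro NOLOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER;
-- CREATE USER implies LOGIN; INHERIT lets alice use privileges of roles she joins.
CREATE USER alice INHERIT;

-- Category 2: object privileges managed with GRANT/REVOKE.
GRANT SELECT ON TABLE test TO report_ro;
GRANT report_ro TO alice;   -- membership: alice inherits SELECT on test

-- Audit category 1: which roles can log in or hold powerful attributes?
SELECT rolname, rolcanlogin, rolinherit, rolcreaterole, rolcreatedb, rolsuper
FROM pg_roles
WHERE rolname IN ('trole', 'test', 'report_ro', 'alice')
ORDER BY rolname;

-- Audit category 2: effective privileges on table test,
-- including those obtained through inherited role membership.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'test', 'SELECT') AS can_select,
       has_table_privilege(r.rolname, 'test', 'INSERT') AS can_insert,
       has_table_privilege(r.rolname, 'test', 'DELETE') AS can_delete
FROM pg_roles r
WHERE r.rolname IN ('test', 'report_ro', 'alice')
ORDER BY r.rolname;

-- Direct grants on the table (who granted what, and whether it can be re-granted).
SELECT grantor, grantee, privilege_type, is_grantable
FROM information_schema.role_table_grants
WHERE table_name = 'test'
ORDER BY grantee, privilege_type;

-- Tightening after review: remove what is not needed.
REVOKE INSERT ON TABLE test FROM test;   -- category 2: object privilege
ALTER ROLE trole NOCREATEROLE;           -- category 1: role attribute
```

In the second query, alice shows can_select as true even though no privilege was granted to her directly, which is why membership grants need to be reviewed together with table grants.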
BY 海無涯