Postgres access control based on schema permissions

01. Environment configuration

   Create the users and schemas

postgres=# create user test1 with password 'test1';
CREATE ROLE
postgres=# create user test2 with password 'test2';
CREATE ROLE
postgres=# create schema u1;
CREATE SCHEMA
postgres=# create schema u2;
CREATE SCHEMA
postgres=# insert into u1.txt1 values (1,'hello')
;
INSERT 0 1
postgres=# insert into u1.txt2 values (2,'world')
;
INSERT 0 1
postgres=# insert into u2.txt1 values (1,'hello')
;
INSERT 0 1
postgres=# insert into u2.txt2 values (2,'world')
;
INSERT 0 1



The environment is now created.

02. Access rights

postgres=# select current_user   -- view the current user
postgres-# ;
 current_user
--------------
 postgres
(1 row)

postgres=# show search_path   -- the current schema is public
postgres-# ;
   search_path
-----------------
 "$user", public
(1 row)

postgres=# \dt               -- list the current tables; the tables just created are not shown
        List of relations
 Schema | Name | Type  |  Owner
--------+------+-------+----------
 public | test | table | postgres
postgres=# \c postgres test1;     -- connect as user test1
You are now connected to database "postgres" as user "test1".
postgres=> select current_user;    -- view the current user
 current_user
--------------
 test1
(1 row)

postgres=> \dt;                  -- only the tables in public are visible
        List of relations
 Schema | Name | Type  |  Owner
--------+------+-------+----------
 public | test | table | postgres
(1 row)

postgres=> show search_path ;  --- view the current schema
   search_path
-----------------
 "$user", public
(1 row)
postgres=> set search_path = 'u1';    -- switch to u1
SET
postgres=> show search_path;    -- check
 search_path
-------------
 u1
(1 row)

postgres=> \dt;         -- no tables found; weren't they just created?
Did not find any relations.



postgres=> set search_path = 'u1';
SET
postgres=> show search_path ;
 search_path
-------------
u1
(1 row)

postgres=> \dt;
Did not find any relations.
postgres=> select * from u1.test1; --- query: no permission
ERROR:  permission denied for schema u1
LINE 1: select * from u1.test1;

Let's take a look as the postgres user.

postgres=> \c postgres postgres
You are now connected to database "postgres" as user "postgres".
postgres=# show search_path
postgres-# ;
   search_path
-----------------
 "$user", public
(1 row)

postgres=# \d+
                   List of relations
 Schema | Name | Type  |  Owner   | Size  | Description
--------+------+-------+----------+-------+-------------
 public | test | table | postgres | 16 kB |
(1 row)

postgres=# set search_path = u1;
SET
postgres=# \d+
                      List of relations
 Schema | Name | Type  |  Owner   |    Size    | Description
--------+------+-------+----------+------------+-------------
 u1     | txt1 | table | postgres | 8192 bytes |
 u1     | txt2 | table | postgres | 8192 bytes |

As postgres there is no problem. Are test1's privileges insufficient?

So I grant the privilege:

postgres=# grant SELECT on u1.txt1 to test1 ;
GRANT
postgres=# \c postgres test1;
You are now connected to database "postgres" as user "test1".
postgres=> \d+
                   List of relations
 Schema | Name | Type  |  Owner   | Size  | Description
--------+------+-------+----------+-------+-------------
 public | test | table | postgres | 16 kB |
(1 row)

postgres=> set search_path = u1;
SET
postgres=> \d+
Did not find any relations.
postgres=> select * from u1.txt1 ;
ERROR:  permission denied for schema u1
LINE 1: select * from u1.txt1 ;
                      ^

The privileges are still not enough.

At this point, one privilege is actually still missing:

postgres=# grant USAGE on SCHEMA u1 to test1 ;
GRANT
postgres=# \c postgres test1 ;
You are now connected to database "postgres" as user "test1".
postgres=> \dt ;
        List of relations
 Schema | Name | Type  |  Owner
--------+------+-------+----------
 public | test | table | postgres
(1 row)

postgres=> set search_path = u1 ;
SET
postgres=> \dt ;
        List of relations
 Schema | Name | Type  |  Owner
--------+------+-------+----------
 u1     | txt1 | table | postgres
 u1     | txt2 | table | postgres

postgres=> select * from txt1
postgres-> ;
 id | name
----+-------
  1 | hello
  1 | hello
(2 rows)

That completes the setup.

    So, when using schemas, keep two things in mind:

       1. Use postgres to grant the USAGE privilege on the specified schema to the specific user.

       2. Then grant the required permissions to that user, again as postgres.

  Both are indispensable.
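
The two-grant rule above can be checked directly from the catalog. The query below is an added example, not part of the original post; it assumes the page's roles (test1, test2) and schemas (u1, u2), uses PostgreSQL's built-in has_schema_privilege and has_table_privilege functions, and is meant to be run as postgres.

```sql
-- Added example: for each role/table pair, show both halves of the
-- permission check and report which grant is missing.
-- Role and schema names are the ones used on this page.
SELECT r.rolname                                   AS role_name,
       n.nspname                                   AS schema_name,
       c.relname                                   AS table_name,
       -- half 1: may the role look up objects inside the schema?
       has_schema_privilege(r.oid, n.oid, 'USAGE') AS schema_usage,
       -- half 2: may the role read the table itself?
       has_table_privilege(r.oid, c.oid, 'SELECT') AS table_select,
       CASE
         WHEN has_schema_privilege(r.oid, n.oid, 'USAGE')
          AND has_table_privilege(r.oid, c.oid, 'SELECT')
           THEN 'readable'
         WHEN has_table_privilege(r.oid, c.oid, 'SELECT')
           THEN 'blocked: missing USAGE on schema'
         WHEN has_schema_privilege(r.oid, n.oid, 'USAGE')
           THEN 'blocked: missing SELECT on table'
         ELSE 'no access'
       END                                         AS effective
FROM pg_roles r
CROSS JOIN pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE r.rolname IN ('test1', 'test2')
  AND n.nspname IN ('u1', 'u2')
  AND c.relkind IN ('r', 'p')      -- ordinary and partitioned tables
ORDER BY r.rolname, n.nspname, c.relname;
```

Run right after the first GRANT on this page (SELECT on u1.txt1 only), the test1 / u1.txt1 row reports "blocked: missing USAGE on schema", which is the state behind the "permission denied for schema u1" error. Rows where a role is readable but should not be are the ones to revoke.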


Origin www.cnblogs.com/kingle-study/p/12753349.html