01, environment configuration
Create the users and schemas
postgres=# create user test1 with password 'test1';
CREATE ROLE
postgres=# create user test2 with password 'test2';
CREATE ROLE
postgres=# create schema u1;
CREATE SCHEMA
postgres=# create schema u2;
CREATE SCHEMA
postgres=# insert into u1.txt1 values (1,'hello') ;
INSERT 0 1
postgres=# insert into u1.txt2 values (2,'world') ;
INSERT 0 1
postgres=# insert into u2.txt1 values (1,'hello') ;
INSERT 0 1
postgres=# insert into u2.txt2 values (2,'world') ;
INSERT 0 1
The environment is now set up.
02, access rights
postgres=# select current_user  --- view the current user
postgres-# ;
 current_user
--------------
 postgres
(1 row)

postgres=# show search_path  --- the current schema is public
postgres-# ;
   search_path
-----------------
 "$user", public
(1 row)

postgres=# \dt  --- list the current tables; the tables just created are not found
        List of relations
 Schema | Name | Type  |  Owner
--------+------+-------+----------
 public | test | table | postgres

postgres=# \c postgres test1;  --- log in as user test1
You are now connected to database "postgres" as user "test1".
postgres=> select current_user;  --- view the current user
 current_user
--------------
 test1
(1 row)

postgres=> \dt;  --- only the tables in the current public schema are visible
        List of relations
 Schema | Name | Type  |  Owner
--------+------+-------+----------
 public | test | table | postgres
(1 row)

postgres=> show search_path ;  --- view the current schema
   search_path
-----------------
 "$user", public
(1 row)

postgres=> set search_path = 'u1';  --- switch to u1
SET
postgres=> show search_path;  --- view it
 search_path
-------------
 u1
(1 row)

postgres=> \dt;  --- no tables found; have they not been created yet?
Did not find any relations.
postgres=> select * from u1.test1;  --- query: permission denied
ERROR: permission denied for schema u1
LINE 1: select * from u1.test1;
Let's take a look as the postgres user.
postgres=> \c postgres postgres
You are now connected to database "postgres" as user "postgres".
postgres=# show search_path
postgres-# ;
   search_path
-----------------
 "$user", public
(1 row)

postgres=# \d+
                   List of relations
 Schema | Name | Type  |  Owner   | Size  | Description
--------+------+-------+----------+-------+-------------
 public | test | table | postgres | 16 kB |
(1 row)

postgres=# set search_path = u1;
SET
postgres=# \d+
                     List of relations
 Schema | Name | Type  |  Owner   |    Size    | Description
--------+------+-------+----------+------------+-------------
 u1     | txt1 | table | postgres | 8192 bytes |
 u1     | txt2 | table | postgres | 8192 bytes |
As postgres there is no problem. Is test1 simply missing privileges?
So I grant SELECT on the table:
postgres=# grant SELECT on u1.txt1 to test1 ;
GRANT
postgres=# \c postgres test1;
You are now connected to database "postgres" as user "test1".
postgres=> \d+
                   List of relations
 Schema | Name | Type  |  Owner   | Size  | Description
--------+------+-------+----------+-------+-------------
 public | test | table | postgres | 16 kB |
(1 row)

postgres=> set search_path = u1;
SET
postgres=> \d+
Did not find any relations.
postgres=> select * from u1.txt1 ;
ERROR: permission denied for schema u1
LINE 1: select * from u1.txt1 ;
                      ^
The privileges are still not sufficient.
One privilege is in fact still missing: USAGE on the schema.
postgres=# grant USAGE on SCHEMA u1 to test1 ;
GRANT
postgres=# \c postgres test1 ;
You are now connected to database "postgres" as user "test1".
postgres=> \dt ;
        List of relations
 Schema | Name | Type  |  Owner
--------+------+-------+----------
 public | test | table | postgres
(1 row)

postgres=> set search_path = u1 ;
SET
postgres=> \dt ;
        List of relations
 Schema | Name | Type  |  Owner
--------+------+-------+----------
 u1     | txt1 | table | postgres
 u1     | txt2 | table | postgres
postgres=> select * from txt1
postgres-> ;
id | name
----+-------
1 | hello
1 | hello
(2 rows)
With that, the setup is done.
So when using schemas, keep the following in mind:
1. As postgres, grant USAGE on the specified schema to the specific user.
2. Then, as postgres, grant the required privileges to that user.
Both are indispensable.
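
The two-step rule above can be checked and applied in one pass. The following is an added example, not part of the original post: it audits what test1 can actually read in u1 by testing the schema privilege and the table privilege separately, then applies a read-only grant. It assumes it is run as postgres (the owner of u1), and the ALTER DEFAULT PRIVILEGES step goes beyond what the post covers.

```sql
-- Added example; role test1 and schema u1 are the ones used in the session above.
-- Run as postgres (superuser / owner of schema u1).

-- 1. Audit: report the schema-level and table-level privileges separately.
--    has_table_privilege() looks only at the table's own ACL, so a table with
--    table_select = true but schema_usage = false still fails with
--    "permission denied for schema u1", as seen after the first GRANT.
SELECT t.schemaname,
       t.tablename,
       has_schema_privilege('test1', t.schemaname, 'USAGE') AS schema_usage,
       has_table_privilege('test1',
           format('%I.%I', t.schemaname, t.tablename),
           'SELECT') AS table_select,
       has_schema_privilege('test1', t.schemaname, 'USAGE')
       AND has_table_privilege('test1',
           format('%I.%I', t.schemaname, t.tablename),
           'SELECT') AS can_read
FROM pg_tables AS t
WHERE t.schemaname = 'u1'
ORDER BY t.tablename;

-- 2. Read-only access with both required pieces, applied atomically.
BEGIN;
GRANT USAGE ON SCHEMA u1 TO test1;                 -- step 1 of the rule
GRANT SELECT ON ALL TABLES IN SCHEMA u1 TO test1;  -- step 2 of the rule
-- Tables created in u1 later by the role running this statement are not
-- covered by the GRANT above; default privileges close that gap.
ALTER DEFAULT PRIVILEGES IN SCHEMA u1 GRANT SELECT ON TABLES TO test1;
COMMIT;

-- 3. Removing access again: revoke the table privileges and the schema
--    privilege together, otherwise the table ACL entries stay behind and
--    become effective again the next time USAGE is granted.
BEGIN;
ALTER DEFAULT PRIVILEGES IN SCHEMA u1 REVOKE SELECT ON TABLES FROM test1;
REVOKE SELECT ON ALL TABLES IN SCHEMA u1 FROM test1;
REVOKE USAGE ON SCHEMA u1 FROM test1;
COMMIT;
```

Rerunning the audit query after step 2 should show can_read = true for every table in u1, and false again after step 3.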