Connect to the database (super administrator postgres)
psql -U postgres
View currently logged in user/database
postgres=# \c
You are now connected to database "postgres" as user "postgres".
mydb=# select current_database();
current_database
------------------
mydb
(1 行)
postgres=# select user;
postgres=# select current_user;
current_user
--------------
postgres
(1 行记录)
Both of the above commands are available.
Create database (mydb)
postgres=# create database mydb;
CREATE DATABASE
There is a
publicschema by default.
Switch to the specified Database and create a schema (with the same name as the user name [Tenant])
postgres=# \c mydb
You are now connected to database "mydb" as user "postgres".
postgres=# create schema myuser;
CREATE SCHEMA
\lList database
\dtList tables
\d tblnameView table structure
\diView indexes
Create a user (with the same name as the schema [tenant]) (you can grant permissions at the same time when creating a user)
postgres=# create user myuser with password '1234';
CREATE ROLE
There is no distinction between users and roles in PostgreSQL.
CREATE USERAsCREATE ROLEan alias of , the two commands are almost identical. The only difference is that
CREATE USERthe users created by the command have the LOGIN attribute by default, and
CREATE ROLEthe users created by the command do not have the LOGIN attribute by default.
Role Attributes (Attributes define the permissions of a role)
| Attributes | illustrate |
|---|---|
| login | Only roles with the LOGIN attribute can be used as the initial role name for database connections. |
| superuser | database superuser |
| createdb | Create database permissions |
| createrole | Create or delete other normal user roles (except superuser) |
| replication | A user attribute used when doing stream replication, usually set separately. |
| password | It will only work when you are required to specify a password when logging in, such as md5 or password mode, which is related to the client's connection authentication method. |
| inherit | An inheritance flag of a user group for group members. Members can inherit the permission characteristics of the user group. |
| … | … |
View role information: \duor \du+view, you can also view the system tableselect * from pg_roles;
Authorize
Authorized user's schema usage rights:
postgres=# GRANT USAGE ON SCHEMA myuser TO myuser;
GRANT
Authorized user 数据库permissions: (At this time, you have database operation permissions and can create schema, but you do not have table operation permissions)
postgres=# GRANT ALL PRIVILEGES ON DATABASE mydb TO myuser;
GRANT
All permissions granted to users 全部表: (permissions to create tables, delete tables, add, delete, modify, and query table data, etc.)
postgres=# GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA myuser TO myuser;
GRANT
个别表All permissions granted to the user :
postgres=# GRANT ALL ON mytable TO myuser;
GRANT
Grant user 建表permissions: (create permissions for all tables and specific tables)
postgres=# GRANT CREATE ON DATABASE mydb TO myuser;
GRANT
postgres=# GRANT CREATE ON TABLE mytable TO myuser;(报错)
GRANT
postgres=# GRANT CREATE ON ALL TABLE TO myuser;(报错)
GRANT
Authorize the user to have all tables, sequences, function queries, and execution permissions:
postgres=# GRANT SELECT ON ALL TABLES IN SCHEMA myuser TO myuser;
GRANT
postgres=# GRANT SELECT ON ALL SEQUENCES IN SCHEMA myuser TO myuser;
GRANT
postgres=# GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA myuser TO myuser;
GRANT
Ordinary user login (tenant login)
psql -U myuser -d mydb
Note : At this time, the user belongs to mydb, and the connection must specify database.
Create table
mydb=> create table myuser.dept(no int, dname varchar(30));
Recycle all authorizations
Revoke all user permissions on all tables under SCHEMA:
postgres=# REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA myuser FROM myuser;
Revoke all user permissions in the database:
postgres=# REVOKE ALL PRIVILEGES ON DATABASE mydb FROM myuser;