当前位置:网站首页>Database postragesq role membership
Database postragesq role membership
2022-07-05 01:13:00 【wx5d0241bb88268】
21.3. Role membership
It's often convenient to group users together to manage permissions : like that , Permissions can be granted to or reclaimed from an entire group . stay PostgreSQL By creating a role that represents a group , And then the membership in that group role is granted to a separate user role .
To create a group role , First create the character :
CREATE ROLE name;
Roles that are usually used as a group do not need to have LOGIN attribute , But if you want to, you can also set it up . Once the group role exists , You can use GRANT and REVOKE Command to add and remove members :
GRANT group_role TO role1, ... ;
REVOKE group_role FROM role1, ... ;
- 1.
- 2.
You can also grant membership to other group roles ( Because there's no difference between a group role and a non group role ). The database will not let you set up ring Membership . in addition , Membership in a role is not allowed to be granted to PUBLIC.
Members of a group role can use role permissions in two ways . First of all , Each member of can be explicitly a group SET ROLE Coming “ Become ” Group roles . In this state , The database session can access the permissions of the group role instead of the original login role , And any database object created is considered to belong to the group role rather than the login role . second , Yes INHERIT Attribute's member roles automatically have the permissions of the role to which they belong , Include permissions inherited from any group role . As an example , Suppose we already have :
CREATE ROLE joe LOGIN INHERIT;
CREATE ROLE admin NOINHERIT;
CREATE ROLE wheel NOINHERIT;
GRANT admin TO joe;
GRANT wheel TO admin;
- 1.
- 2.
- 3.
- 4.
- 5.
As a character joe After connection , A database session will have immediate ownership granted directly to joe Authority , Plus any grant to admin Authority , because joe“ Inherited ” admin Authority . However , Granted to wheel Permission for is not available , Because even if joe yes wheel An indirect member of , But the membership is through the belt NOINHERIT Attribute admin Got . stay :
SET ROLE admin;
after , The session will only have the grant to admin Authority , But not to joe Authority . In execution :
SET ROLE wheel;
after , The session will only have the grant to wheel Authority , But not to joe or admin Authority . The initial permission state can be restored using one of the following commands :
SET ROLE joe;
SET ROLE NONE;
RESET ROLE;
- 1.
- 2.
- 3.
SET ROLE The command always allows you to select the direct or indirect group role of the original login role . therefore , In the example above , Is becoming wheel You don't have to be admin.
stay SQL In the standard , The difference between users and roles is clear , And users don't automatically inherit permissions, but roles do . This kind of behavior PostgreSQL Can also be achieved in : To be used for SQL The role of the character gives INHERIT attribute , To be used as SQL The role of the user is given NOINHERIT attribute .
however , For backward compatibility 8.1 Previous releases ( Where users always have the rights of their group ),PostgreSQL Default to all characters INHERIT attribute .
Character attributes LOGIN、SUPERUSER、CREATEDB and CREATEROLE It can be thought of as a special privilege , But they
It is never inherited like normal permissions on database objects . To use these properties , You have to be practical SET ROLE To a specific character with one of these attributes . Continue with the above example , We can choose to award CREATEDB and CREATEROLE to admin role . And then one with joe The session to which the role is connected will not immediately have these permissions , Only in execution SET ROLE admin Only after that will we have it .
To destroy a group character , Use DROP ROLE:
DROP ROLE name;
The membership of any role in the group is automatically revoked ( But the member role is not affected ).
边栏推荐
- What happened to those who focused on automated testing?
- 全网最全正则实战指南,拿走不谢
- Talking about JVM 4: class loading mechanism
- Senior Test / development programmers write no bugs? Qualifications (shackles) don't be afraid of mistakes
- Postman automatically fills headers
- 全栈开发提效神器——ApiFox(Postman + Swagger + Mock + JMeter)
- 26.2 billion! These universities in Guangdong Province have received heavy support
- Global and Chinese market of veterinary thermometers 2022-2028: Research Report on technology, participants, trends, market size and share
- Arbitrum:二维费用
- Database postragesql lock management
猜你喜欢
How to use words to describe breaking change in Spartacus UI of SAP e-commerce cloud
The performance of major mainstream programming languages is PK, and the results are unexpected
Arbitrum: two-dimensional cost
揭露测试外包公司,关于外包,你或许听到过这样的声音
[flutter topic] 64 illustration basic textfield text input box (I) # yyds dry goods inventory #
A simple SSO unified login design
Armv8-a programming guide MMU (3)
程序员SQL数据脚本编码能力弱,BI做不出来怎么办?
26.2 billion! These universities in Guangdong Province have received heavy support
Hedhat firewall
随机推荐
华为百万聘请数据治理专家!背后的千亿市场值得关注
[microprocessor] VHDL development of microprocessor based on FPGA
Global and Chinese market of network connected IC card smart water meters 2022-2028: Research Report on technology, participants, trends, market size and share
[wave modeling 1] theoretical analysis and MATLAB simulation of wave modeling
Take you ten days to easily complete the go micro service series (IX. link tracking)
Remote control service
Hand drawn video website
Global and Chinese market of nutrient analyzer 2022-2028: Research Report on technology, participants, trends, market size and share
Basic concept and usage of redis
Pycharm professional download and installation tutorial
揭露测试外包公司,关于外包,你或许听到过这样的声音
SAP ui5 application development tutorial 107 - trial version of SAP ui5 overflow toolbar container control introduction
The server time zone value ‘� й ��� ʱ 'is unrecognized or representatives more than one time zone【
Basic operation of database and table ----- the concept of index
I was beaten by the interviewer because I didn't understand the sorting
Global and Chinese market of portable CNC cutting machines 2022-2028: Research Report on technology, participants, trends, market size and share
Database performance optimization tool
Introduction to the gtid mode of MySQL master-slave replication
【海浪建模3】三维随机真实海浪建模以及海浪发电机建模matlab仿真
Discrete mathematics: Main Normal Form (main disjunctive normal form, main conjunctive normal form)