PG basics -- Logical Structure Management (user and permission management)
2022-07-05 19:14:00 【51CTO】
Users and roles
In PostgreSQL there is no difference between roles and users: a user is also a role, and one user's permissions can be granted to another user. Users and roles are global to the entire database instance, so every database in the same instance sees the same users.
When the database system is initialized, one superuser is predefined. Its name is the same as the operating system user that initialized the database.
The only difference between the two commands is that a user created with CREATE USER has the LOGIN privilege by default, while a role created with CREATE ROLE does not. Otherwise CREATE ROLE and CREATE USER are identical.
How to create users
CREATE USER name [ [ WITH ] option [ ... ] ]
where option can be:
SUPERUSER | NOSUPERUSER            -- whether the user is a superuser
| CREATEDB | NOCREATEDB            -- whether the user may create databases
| CREATEROLE | NOCREATEROLE        -- whether the user may create other roles
| INHERIT | NOINHERIT              -- whether the user automatically has the privileges of the roles it is a member of
| LOGIN | NOLOGIN                  -- whether the user has the LOGIN privilege
| REPLICATION | NOREPLICATION      -- replication privilege
| BYPASSRLS | NOBYPASSRLS
| CONNECTION LIMIT connlimit
| [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
| VALID UNTIL 'timestamp'          -- password expiration time
| IN ROLE role_name [ , ... ]
| IN GROUP role_name [ , ... ]
| ROLE role_name [ , ... ]
| ADMIN role_name [ , ... ]        -- WITH ADMIN OPTION privilege
| USER role_name [ , ... ]
| SYSID uid
Permission management
In PG, every logical structure object in a database has an owner: each database object belongs to some user. The owner never needs to be granted permissions on the object, because the owner has all permissions on it by default. The owner also implicitly has the right to grant other users permission to operate on the object.
Permission classification
Permissions specified when the user is created (these can also be changed later with ALTER ROLE):
  Superuser privilege
  Permission to create databases
  Whether the user has the LOGIN privilege
Permissions that require GRANT or REVOKE:
  Permission to create schemas in a database
  Permission to create temporary tables in a specified database
  Permission to connect to a database
  Permission to create database objects in a schema
  SELECT and DML permissions on tables
  Permissions to query sequences, use functions, and create triggers
  Permission to place tables and indexes in a specified tablespace
role_name refers to a user or role.
some_privileges refers to the privileges being granted.
database_object_type refers to the type of database object, such as table, schema, or sequence.
grant select on table mytab to public;
PG has no separate DDL privilege. Whether a user can create a table depends on whether the user has the CREATE privilege on the schema.
Permission summary
Permissions are managed hierarchically:
1) First come the special attributes assigned to the user, such as superuser, permission to create databases, permission to create users, and the LOGIN privilege.
2) Next is the permission to create schemas in a database.
3) Next is the permission to create database objects in a schema, such as tables and indexes.
4) Next are the permissions to query a table, insert data into it, update it, and delete data from it.
5) Finally, there are permissions on individual columns of a table.
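The five layers above, walked through as a least-privilege setup for a read-only reporting account. This is an added example, not from the original post; the database appdb, schema app, table app.orders, roles app_readonly and report_user, and the password are constructed names, and the script assumes a superuser session connected to appdb.

```sql
-- Constructed names throughout: appdb, app, app.orders, app_readonly, report_user.

-- Layer 1: role attributes. A NOLOGIN group role holds the privileges;
-- the LOGIN user only inherits them through membership.
CREATE ROLE app_readonly NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;
CREATE USER report_user WITH PASSWORD 'change-me'   -- placeholder password
    NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT
    CONNECTION LIMIT 5
    VALID UNTIL '2030-01-01'
    IN ROLE app_readonly;

-- Layer 2: database level. PUBLIC holds CONNECT and TEMPORARY on a
-- database by default, so revoke them before granting to the group role.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_readonly;

-- Layer 3: schema level. USAGE lets the role look up objects in the
-- schema; CREATE is withheld, so it cannot create tables there.
CREATE SCHEMA app;
GRANT USAGE ON SCHEMA app TO app_readonly;

-- Layer 4: table level. No table-wide SELECT or DML is granted here,
-- because a table-level SELECT would also expose card_no.
CREATE TABLE app.orders (
    id       integer PRIMARY KEY,
    customer text,
    card_no  text
);

-- Layer 5: column level. Only the non-sensitive columns are readable.
GRANT SELECT (id, customer) ON app.orders TO app_readonly;

-- Check the effective privileges of the login user at each layer.
SELECT has_database_privilege('report_user', 'appdb', 'CONNECT')      AS can_connect,
       has_schema_privilege('report_user', 'app', 'CREATE')           AS can_create_in_schema,
       has_column_privilege('report_user', 'app.orders',
                            'customer', 'SELECT')                     AS can_read_customer,
       has_column_privilege('report_user', 'app.orders',
                            'card_no', 'SELECT')                      AS can_read_card_no;
```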