当前位置:网站首页>PG basics -- Logical Structure Management (user and permission management)

PG basics -- Logical Structure Management (user and permission management)

2022-07-05 19:14:00 51CTO

Users and roles

stay postgreSQL in , There is no difference between roles and users , A user is also a role , You can give one user permission to another user . Users and roles are global in the entire database instance , In different databases in the same instance , The users you see are the same .

There is a predefined super user when initializing the database system , The name of this user is the same as the user name of the operating system that initialized the database .

stay pg in , There is no difference between users and roles , except create  user Users created by default are login jurisdiction ,create  role No user created login Out of authority ,create rule And create  user There is no other difference .

How to create users 

      
      

       
       CREATE USER name 
       
       [ 
       
       [ WITH 
       
       ] option 
       
       [ ... 
       
       ] 
       
       ]
       
       

       
       

       
       where option can be
       
       :
       
       

       
       
      SUPERUSER 
       
       | NOSUPERUSER   # Is it a super user 
       
       
    
       
       | CREATEDB 
       
       | NOCREATEDB     # Whether they have create database jurisdiction 
       
       
    
       
       | CREATEROLE 
       
       | NOCREATEROLE # Whether you have permission to create other roles 
       
       
    
       
       | INHERIT 
       
       | NOINHERIT       # If the created user has a role , Whether to automatically have role permissions 
       
       
    
       
       | LOGIN 
       
       | NOLOGIN           # Is there a LOGIN jurisdiction 
       
       
    
       
       | REPLICATION 
       
       | NOREPLICATION # Copy permission 
       
       
    
       
       | BYPASSRLS 
       
       | NOBYPASSRLS  
       
       
    
       
       | CONNECTION 
       
       LIMIT connlimit
       
       
    
       
       | 
       
       [ ENCRYPTED 
       
       ] PASSWORD 
       
       'password' 
       
       | PASSWORD 
       
       NULL
       
       
    
       
       | VALID UNTIL 
       
       'timestamp'    # Password expiration time 
       
       
    
       
       | 
       
       IN ROLE role_name 
       
       [
       
       , ...
       
       ] 
       
       
    
       
       | 
       
       IN 
       
       GROUP role_name 
       
       [
       
       , ...
       
       ]
       
       
    
       
       | ROLE role_name 
       
       [
       
       , ...
       
       ]
       
       
    
       
       | ADMIN role_name 
       
       [
       
       , ...
       
       ]   #with admin option jurisdiction 
       
       
    
       
       | USER role_name 
       
       [
       
       , ...
       
       ]
       
       
    
       
       | SYSID uid
       
       

      
      

      
      
    
       
       
  • 1.
    • 
       
       
  • 2.
    • 
       
       
  • 3.
    • 
       
       
  • 4.
    • 
       
       
  • 5.
    • 
       
       
  • 6.
    • 
       
       
  • 7.
    • 
       
       
  • 8.
    • 
       
       
  • 9.
    • 
       
       
  • 10.
    • 
       
       
  • 11.
    • 
       
       
  • 12.
    • 
       
       
  • 13.
    • 
       
       
  • 14.
    • 
       
       
  • 15.
    • 
       
       
  • 16.
    • 
       
       
  • 17.
    • 
       
       
  • 18.
    • 
       
       
  • 19.
    • 
       
       
  • 20.
    •


Rights management

stay pg in , Each logical structure object of a database has an owner , Any database object belongs to a user , There is no need to give the permission of the object to the owner , Because the owner has all permissions by default . The owner also implicitly has the right to give other users the permission to operate the object


Authority classification

The permissions specified when creating users

Superuser rights

Create database permissions

Is there a login jurisdiction

It can also be done through alter role To modify the

need grant or revoke Authority

Create... In the database schema jurisdiction

Permission to create temporary tables in the specified database

Permission to connect to a database

Permission to create database objects in the schema

select、DML Operating authority

Sequence query , Function USES , Trigger permissions

Designated table , Permissions to index to tablespaces 

      
      

       
       grant some_privileges 
       
       on database_object_type object_name to role_name
       
       ;
       
       
revoke some_privileges 
       
       on database_object_type object_name 
       
       from role_name
       
       ;
      
      

      
      
    
       
       
  • 1.
    • 
       
       
  • 2.
    •

role_name                Refers to users or roles

some_privileges        Means authority

database_object_type Index database object , Such as table、schema、sequence

grant select on table mytab to public;

pg No, DDL jurisdiction , Whether to create a table , Yes, look at schema Is there a create Authority .


Authority summary

Permissions are managed hierarchically

1) First, manage the permissions assigned to users' special attributes , Such as the authority of super user , Permission to create database , Create permissions for users ,LOGIN Authority, etc .

2) Then there is the permission to create the schema in the database .

3) Next, the permissions of the objects that create the database in the schema , Create table , Index, etc. .

4) Then there is the query table , Insert data into table , Update table , Delete data permissions in the table .

5) Finally, the permissions of some fields in the operation table






原网站

版权声明
本文为[51CTO]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/186/202207051833078972.html

边栏推荐

猜你喜欢

随机推荐