我找不到这个问题的答案:为什么在授予权限后从表中选择失败?
-- create new role
CREATE ROLE readonly;
-- grant access to all existing tables
GRANT CONNECT ON DATABASE shop TO readonly;
GRANT USAGE ON SCHEMA public TO readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO readonly;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO readonly;
-- grant access to all table which will be created in the future
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON SEQUENCES TO readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO readonly;
-- create user and grant role to this user
CREATE USER b_readonly WITH PASSWORD 'reAdOnLy123';
GRANT readonly TO b_readonly;
我从 db 得到的错误信息如下:
ERROR: permission denied for relation customer_search_query SQL state: 42501
Postgresql 9.6.5有什么新技巧吗?
最佳答案
如果 pg 版本 < 14 尝试:
postgres=# CREATE ROLE readaccess;
postgres=# CREATE USER read_user WITH PASSWORD 'read_password';
postgres=# GRANT readaccess TO read_user;
--- INPORTANT (select needed db)---
postgres=# \с your_db;
your_db=# GRANT CONNECT ON DATABASE your_db TO readaccess;
your_db=# GRANT SELECT ON ALL TABLES IN SCHEMA public TO readaccess;
如果 pg 版本 >= 14
GRANT pg_read_all_data TO readaccess;
关于Postgresql 只读角色和用户,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48663891/