-- 数据库权限授予grantallprivilegesondatabase testdb to user1;grantcreate,connect,temporaryondatabase testdb to user1;-- 模式权限授予grantusageonschema test_schema to user1;grantallprivilegesonschema test_schema to user1;-- 模式下的对象授权grantallprivilegesonalltablesinschema test_schema to user1;grantallprivilegesonall sequences inschema test_schema to user1;grantallprivilegesonall functions inschema test_schema to user1;-- 模式下的对象权限回收revokeallprivilegesonalltablesinschema test_schema from user1;revokeallprivilegesonall sequences inschema test_schema from user1;revokeallprivilegesonall functions inschema test_schema from user1;-- 模式下新增对象的默认权限alterdefaultprivilegesinschema test_schema grantallprivilegesontablesto user1;alterdefaultprivilegesinschema test_schema grantallprivilegeson sequences to user1;alterdefaultprivilegesinschema test_schema grantallprivilegeson functions to user1;-- 模式下默认权限回收alterdefaultprivilegesfor role test_user inschema test_schema revokeallon functions frompublic;alterdefaultprivilegesinschema test_schema revokeallontablesfrom user1;alterdefaultprivilegesinschema test_schema revokeallon sequences from user1;alterdefaultprivilegesinschema test_schema revokeallon functions from user1;----------------------------------------------------- 添加只读用户 --------------------------------------------------------- 1、创建用户及指定密码:createuser readonly with encrypted password 'readonly';-- 2、设置用户默认事务只读:alteruser readonly set default_transaction_read_only=on;-- 3、赋予用户连接数据库权限:grantconnectondatabase foo to readonly;-- 4、切换到指定数据库:
\c foo
-- 5、赋予用户权限,查看public模式下所有表:grantusageonschemapublicto readonly;alterdefaultprivilegesinschemapublicgrantselectontablesto readonly;-- 6、赋予指定模式下用户表、序列查看权限:grantusageonschema test_schema to readonly;grantselectonall sequences inschema test_schema to readonly;grantselectonalltablesinschema test_schema to readonly;alterdefaultprivilegesinschema test_schema grantselectontablesto readonly;---------------------------------------------------------- 修改属主 --------------------------------------------------------- 修改database属主alterdatabase testdb owner to root;-- 修改schema的属主alterschema schema_name owner to new_owner;-- 修改schema 下特定表的属主altertable schema_name.table_name owner to new_owner;--------------------------------------------------------- 删除用户 --------------------------------------------------------
\dt
\dn
dropschema test cascade;dropdatabase testdb;##用户下面无对象
error:role "xxx" cannot be dropped because some object depend on it
detail: privilegesfordatabase xxxx
#更改数据库角色拥有的数据库对象的所有权---- 1、如果不保留owner的数据库对象
reassign owned by test_user to postgres;drop owned by test_user;drop role test_user;---- 2、如果保留owner的数据库对象
reassign owned by test_user to postgres;drop role test_user;---- 3、如果还要删除数据库dropdatabase testdb;##用户下面有对象
error:role "xxx" cannot be dropped because some object depend on it
detail: 24 objects indatabase xxxx
select*from information_schema.table_privileges where grantee='test_user';revokeallonalltablesinschemapublicfrom test_user;alterdefaultprivilegesinschemapublicrevokeallontablesfrom test_user;alterdefaultprivilegesinschemapublicrevokeallon sequences from test_user;--------------------------------------------------------------------------------------------------------------------------------- postgresql 设置用户绕过rls(行级安全策略)alteruser<user_name> bypassrls;