I am trying to secure a database made up of several schemas, as follows:
-public
-foo
-bar
-foobar
I want to create a user that can read from any schema, can create tables in bar, and can insert/update/delete in foo, bar and foobar.
I would rather create the user as a database superuser and then remove privileges as needed.
I thought:
CREATE USER test_superuser;
GRANT ALL on DATABASE test to test_superuser;
would do it, but after these commands test_superuser cannot access the schemas.
How do I create a user with postgres superuser privileges that is restricted to a named database?
Answer 0 (score: 1)
It turns out this needed quite a few changes to achieve:
CREATE ROLE test_database_superuser
NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL '2020-03-06 00:00:00';
CREATE ROLE test_user LOGIN
ENCRYPTED PASSWORD 'md52b250919b406b707999fffb2b9f673fb'
NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL '2020-03-06 00:00:00';
GRANT test_database_superuser TO test_user;
--DATABASE LEVEL PRIVILEGES
GRANT ALL PRIVILEGES ON DATABASE test to test_database_superuser;
--SCHEMA LEVEL
GRANT ALL ON SCHEMA bar TO GROUP test_database_superuser;
GRANT USAGE ON SCHEMA foo TO GROUP test_database_superuser;
GRANT USAGE ON SCHEMA foobar TO GROUP test_database_superuser;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA foo TO GROUP test_database_superuser;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA foo TO GROUP test_database_superuser;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA bar TO GROUP test_database_superuser;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA bar TO GROUP test_database_superuser;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA foobar TO GROUP test_database_superuser;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA foobar TO GROUP test_database_superuser;
--PUBLIC
GRANT USAGE ON SCHEMA public TO GROUP test_database_superuser;
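A least-privilege version of the grants, added here as an example and not taken from any of the answers: it gives exactly what the question asks for (read everywhere, CREATE only in bar, DML in foo, bar and foobar) instead of ALL PRIVILEGES, and adds default privileges so tables created later are covered too. The role names app_rw, app_user and schema_owner and the password placeholder are assumptions; the script assumes it is run by the owner of database test and its schemas (or a superuser).

```sql
-- Added example, not the original answerer's script. Assumes database "test" and
-- schemas public, foo, bar, foobar already exist and are owned by role "schema_owner".

-- 1. A NOLOGIN group role carries the privileges; the login role only inherits them,
--    so rotating or disabling the login never disturbs the grants.
CREATE ROLE app_rw NOLOGIN;                                   -- hypothetical name
CREATE ROLE app_user LOGIN PASSWORD 'replace-me' IN ROLE app_rw;  -- placeholder password

-- 2. Database level: CONNECT only. CREATE on the database would allow new schemas,
--    which the requirement does not include.
REVOKE ALL ON DATABASE test FROM PUBLIC;
GRANT CONNECT ON DATABASE test TO app_rw;

-- 3. Schema level: USAGE lets the role resolve objects in a schema; CREATE only in bar.
--    On PostgreSQL versions before 15 the public schema grants CREATE to everyone,
--    so revoke it explicitly.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public, foo, bar, foobar TO app_rw;
GRANT CREATE ON SCHEMA bar TO app_rw;

-- 4. Table level: SELECT everywhere, DML only in foo, bar and foobar.
GRANT SELECT ON ALL TABLES IN SCHEMA public TO app_rw;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA foo, bar, foobar TO app_rw;
-- INSERT into serial/identity columns also needs USAGE on the backing sequences.
GRANT USAGE ON ALL SEQUENCES IN SCHEMA foo, bar, foobar TO app_rw;

-- 5. "ON ALL TABLES" only touches tables that exist now. Default privileges apply the
--    same grants to tables that schema_owner creates later.
ALTER DEFAULT PRIVILEGES FOR ROLE schema_owner IN SCHEMA public
    GRANT SELECT ON TABLES TO app_rw;
ALTER DEFAULT PRIVILEGES FOR ROLE schema_owner IN SCHEMA foo, bar, foobar
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_rw;
ALTER DEFAULT PRIVILEGES FOR ROLE schema_owner IN SCHEMA foo, bar, foobar
    GRANT USAGE ON SEQUENCES TO app_rw;

-- 6. Verify from the login role's point of view: one row per schema showing whether
--    app_user holds USAGE and CREATE on it (CREATE should be true for bar only).
SELECT n.nspname                                             AS schema_name,
       has_schema_privilege('app_user', n.nspname, 'USAGE')  AS can_use,
       has_schema_privilege('app_user', n.nspname, 'CREATE') AS can_create
FROM pg_namespace n
WHERE n.nspname IN ('public', 'foo', 'bar', 'foobar')
ORDER BY n.nspname;
```

ALTER DEFAULT PRIVILEGES FOR ROLE schema_owner must be run as schema_owner or a member of it, and only affects objects that role creates afterwards.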
Answer 1 (score: 0)
GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
ON SCHEMA schema_name [, ...]
TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]
Something like:
GRANT USAGE ON SCHEMA your_schema TO test_superuser;
By the way, that is not a "superuser", just a user with a lot of privileges...
Answer 2 (score: 0)
Here is an example:
$ sudo su - postgres
postgres@derrick:~$ createuser -P
Enter name of role to add: web_app
Enter password for new role:
Enter it again:
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
postgres@derrick:~$
postgres@derrick:~$ createdb --owner web_app dbTest
postgres@derrick:~$ logout