I created a group named 'common' and a user named 'application'. The script follows:
CREATE ROLE common NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT;
GRANT USAGE ON SCHEMA portal TO common;
GRANT ALL ON ALL TABLES IN SCHEMA portal TO common;
GRANT ALL ON ALL SEQUENCES IN SCHEMA portal TO common;
CREATE ROLE application INHERIT LOGIN PASSWORD 'xxxxxx';
GRANT common TO application;
To make sure the privileges had been applied to the user 'application', I ran the following commands, which return true:
select has_table_privilege ('application', 'portal.noticias', 'delete')
return: t
select has_schema_privilege ('application', 'portal', 'usage')
return: t
With the user 'application' you can insert, update and select data in the table 'portal.noticias', but when trying to delete a record the following error occurs:
ERROR: permission denied for schema portal
LINE 1: SELECT 1 FROM ONLY "portal"."noticias" x WHERE "codnoticia" ... ^
QUERY: SELECT 1 FROM ONLY "portal"."noticias" x WHERE "codnoticia" OPERATOR(pg_catalog.=) $1 FOR KEY SHARE OF x
I don't know what I am doing wrong, but I appreciate your help.
Answer 0: (score: 0)
What is causing your problem is this constraint:
ALTER TABLE portal.Fotos_Noticias ADD CONSTRAINT
fk_FotoNoticia_Noticia FOREIGN KEY (codNoticia)
REFERENCES portal.Noticias (codNoticia) MATCH FULL
ON DELETE NO ACTION ON UPDATE CASCADE;
If you drop that constraint, the DELETE statement works as expected. But of course you want the constraint.
The owner of the tables is AcadAdmin, but AcadAdmin has no access to the schema portal:
test=# select has_schema_privilege('acadadmin', 'portal', 'usage');
has_schema_privilege
----------------------
f
(1 row)
test=# delete from portal.noticias where codNoticia = 1;
ERROR: permission denied for schema portal
LINE 1: SELECT 1 FROM ONLY "portal"."noticias" x WHERE "codnoticia" ...
^
QUERY: SELECT 1 FROM ONLY "portal"."noticias" x WHERE "codnoticia" OPERATOR(pg_catalog.=) $1 FOR KEY SHARE OF x
Let's see what happens if we grant AcadAdmin access to portal:
test=# grant usage on schema portal to AcadAdmin;
GRANT
test=# select has_schema_privilege('acadadmin', 'portal', 'usage');
has_schema_privilege
----------------------
t
(1 row)
test=# delete from portal.noticias where codNoticia = 1;
DELETE 1
test=#
Bingo!
I am not an expert on the intricacies of this, but I suppose there is a reason why it is that way.
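As an added example (not part of the question or the answer above), here is a catalog query that finds every foreign key whose table owner lacks USAGE on the schema of the table on the other side of the constraint. PostgreSQL runs the referential-integrity check queries with the privileges of the owner of the table being queried, not of the role issuing the DELETE, so a missing USAGE for that owner is exactly what produces the error shown above even for a role that holds DELETE on the table. The schema and role names in the comments (portal, AcadAdmin) are taken from the thread; the query itself is generic.

```sql
-- Added check, not from the original post: list foreign keys whose
-- referential-integrity checks would fail with "permission denied for schema"
-- because the owner of one table has no USAGE on the other table's schema.
WITH fk AS (
    SELECT con.conname,
           child.relnamespace   AS child_ns,
           child.relname        AS child_table,
           child.relowner       AS child_owner,
           parent.relnamespace  AS parent_ns,
           parent.relname       AS parent_table,
           parent.relowner      AS parent_owner
    FROM pg_constraint con
    JOIN pg_class child  ON child.oid  = con.conrelid   -- referencing table
    JOIN pg_class parent ON parent.oid = con.confrelid  -- referenced table
    WHERE con.contype = 'f'
)
SELECT conname,
       child_ns::regnamespace             AS child_schema,
       child_table,
       pg_get_userbyid(child_owner)       AS child_owner,
       parent_ns::regnamespace            AS parent_schema,
       parent_table,
       pg_get_userbyid(parent_owner)      AS parent_owner,
       -- the check run on INSERT/UPDATE of the child queries the parent table
       has_schema_privilege(child_owner,  parent_ns, 'USAGE') AS child_owner_can_use_parent_schema,
       -- the check run on DELETE/UPDATE of the parent queries the child table
       has_schema_privilege(parent_owner, child_ns,  'USAGE') AS parent_owner_can_use_child_schema
FROM fk
WHERE NOT has_schema_privilege(child_owner,  parent_ns, 'USAGE')
   OR NOT has_schema_privilege(parent_owner, child_ns,  'USAGE')
ORDER BY child_schema, child_table, conname;

-- Remediation for each row returned is the same as in the answer above:
-- grant the owner USAGE on the schema it is missing, e.g.
--   GRANT USAGE ON SCHEMA portal TO AcadAdmin;
```

An empty result means every table owner involved in a foreign key can reach the other side's schema, so this particular cause of "permission denied for schema" is ruled out.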