我正在尝试创建一个只读用户,但我遇到了一些问题,因为该用户还可以创建表和其他具有权限的其他人员。我想创建一个只读用户:
CREATE USER readonly WITH PASSWORD 'readonlypassword';
GRANT CONNECT ON DATABASE database_name TO readonly;
GRANT USAGE ON SCHEMA public TO readonly;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public to readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly;
然后我执行此查询以检查我的新只读用户是否只具有读取权限:
SELECT grantee, privilege_type
FROM information_schema.role_table_grants
WHERE table_name='any_table_name';
grantee | privilege_type
----------+----------------
admin_user | INSERT
admin_user | SELECT
admin_user | UPDATE
admin_user | DELETE
admin_user | TRUNCATE
admin_user | REFERENCES
admin_user | TRIGGER
readonly | SELECT
(8 rows)
一切看起来都不错,但我能够创建表格...为什么?授权权限表仅表示SELECT。
如果只启用只读权限,我需要做什么?