我在postgres上有一个管理员角色/用户和开发人员角色。开发人员角色从“访问访问”中获取属性。我为了方便起见而创造的角色。如果我运行\ du我得到:
Role name | Attributes | Member of
-----------------+------------------------------------------------------------+-------------------
developers | | {readaccess}
rds_replication | Cannot login | {}
rds_superuser | Cannot login | {rds_replication}
rdsadmin | Superuser, Create role, Create DB, Replication, Bypass RLS+| {}
| Password valid until infinity |
rdsrepladmin | No inheritance, Cannot login, Replication | {}
readaccess | Cannot login +| {}
| Password valid until infinity |
admin | Create role, Create DB +| {rds_superuser}
| Password valid until infinity |
我已通过以下
授予对我的开发者帐户和我的readaccess帐户的读取权限GRANT SELECT ON ALL TABLES IN SCHEMA mySchema TO developers;
ALTER DEFAULT PRIVILEGES IN SCHEMA mySchema GRANT SELECT ON TABLES TO developers;
GRANT SELECT ON ALL TABLES IN SCHEMA mySchema TO readaccess;
ALTER DEFAULT PRIVILEGES IN SCHEMA mySchema GRANT SELECT ON TABLES TO readaccess;
如果我在mySchema中的一个表上运行命令\ z
myDb=> \z mySchema.myTable;
Access privileges
Schema | Name | Type | Access privileges | Column privileges | Policies
---------+------------------------+-------+-------------------------+-------------------+----------
mySchema| myTable | table | admin=arwdDxt/admin+ | |
| | | developers=r/admin | |
(1 row)
但是我无法运行选择 - 它说我没有权限
myDB=> select * from mySchema.myTable;
ERROR: permission denied for schema mySchema
LINE 1: select * from mySchema.myTable;
任何人都可以帮忙吗?
答案 0 :(得分:3)
除了授予对表的访问权限之外,还必须授予对包含它们的模式的访问权限:
GRANT USAGE ON SCHEMA myschema TO readaccess, developers;