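I am trying to grant a user read/write access to all tables in a schema of a Postgres database. After issuing the following command and checking the table privileges, I can see that access has been granted: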
mygamedb=> GRANT SELECT, WRITE, UPDATE, DELETE ON ALL TABLES IN SCHEMA myapp to user1;
mygamedb=> select * from information_schema.table_privileges where schema_name="myapp";
grantor | grantee | table_catalog | table_schema | table_name | privilege_type | is_grantable | with_hierarcy
--------+---------+---------------+--------------+------------+----------------+--------------+---------------
newbie | newbie | mygamedb | myapp | players | INSERT | YES | NO
newbie | newbie | mygamedb | myapp | players | SELECT | YES | YES
newbie | newbie | mygamedb | myapp | players | UPDATE | YES | NO
newbie | newbie | mygamedb | myapp | players | DELETE | YES | NO
newbie | user1 | mygamedb | myapp | players | INSERT | NO | NO
newbie | user1 | mygamedb | myapp | players | SELECT | NO | YES
newbie | user1 | mygamedb | myapp | players | UPDATE | NO | NO
newbie | user1 | mygamedb | myapp | players | DELETE | NO | NO
Logging in with psql as user1, I cannot execute DML queries and still get a Permission denied error:
mygamedb=> select * from myapp.players;
Error: Permission denied for relation players
After adding user user1 to the batch_rw user and granting the privileges to the role, it worked:
mygamedb=> GRANT SELECT, WRITE, UPDATE, DELETE ON ALL TABLES IN SCHEMA myapp to batch_rw;
mygamedb=> select * from information_schema.table_privileges where schema_name="myapp";
grantor | grantee | table_catalog | table_schema | table_name | privilege_type | is_grantable | with_hierarcy
--------+--------- +---------------+--------------+------------+----------------+--------------+---------------
newbie | newbie | mygamedb | myapp | players | INSERT | YES | NO
newbie | newbie | mygamedb | myapp | players | SELECT | YES | YES
newbie | newbie | mygamedb | myapp | players | UPDATE | YES | NO
newbie | newbie | mygamedb | myapp | players | DELETE | YES | NO
newbie | user1 | mygamedb | myapp | players | INSERT | NO | NO
newbie | user1 | mygamedb | myapp | players | SELECT | NO | YES
newbie | user1 | mygamedb | myapp | players | UPDATE | NO | NO
newbie | user1 | mygamedb | myapp | players | DELETE | NO | NO
newbie | batch_rw | mygamedb | myapp | players | INSERT | NO | NO
newbie | batch_rw | mygamedb | myapp | players | SELECT | NO | YES
newbie | batch_rw | mygamedb | myapp | players | UPDATE | NO | NO
newbie | batch_rw | mygamedb | myapp | players | DELETE | NO | NO
Logging in with psql as user1, DDL queries now work fine:
mygamedb=> select * from myapp.players;
p_id | p_name | p_username
-----+--------+-----------
Any idea what I am missing here? Why does granting privileges to the user not work, while granting them to the role does?