Granting a user privileges on tables does not work in postgres

Time: 2021-04-16 16:17:48

Tags: database postgresql ddl

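I am trying to grant a user read/write access to all tables in a schema of a postgres database. After issuing the following command and checking the table privileges, I can see that access has been granted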

mygamedb=> GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA myapp TO user1;

mygamedb=> select * from information_schema.table_privileges where table_schema = 'myapp';

grantor | grantee | table_catalog | table_schema | table_name | privilege_type | is_grantable | with_hierarcy
--------+---------+---------------+--------------+------------+----------------+--------------+---------------
newbie  | newbie  | mygamedb      | myapp        | players    | INSERT         | YES          | NO
newbie  | newbie  | mygamedb      | myapp        | players    | SELECT         | YES          | YES
newbie  | newbie  | mygamedb      | myapp        | players    | UPDATE         | YES          | NO
newbie  | newbie  | mygamedb      | myapp        | players    | DELETE         | YES          | NO
newbie  | user1   | mygamedb      | myapp        | players    | INSERT         | NO           | NO
newbie  | user1   | mygamedb      | myapp        | players    | SELECT         | NO           | YES
newbie  | user1   | mygamedb      | myapp        | players    | UPDATE         | NO           | NO
newbie  | user1   | mygamedb      | myapp        | players    | DELETE         | NO           | NO

Logged in with psql as user1, but I cannot run DML queries and still get a Permission denied error

mygamedb=> select * from myapp.players;
Error:  Permission denied for relation players

After adding user user1 to the batch_rw user and granting the privileges to the role, it worked

mygamedb=> GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA myapp TO batch_rw;

mygamedb=> select * from information_schema.table_privileges where table_schema = 'myapp';

grantor | grantee  | table_catalog | table_schema | table_name | privilege_type | is_grantable | with_hierarcy
--------+----------+---------------+--------------+------------+----------------+--------------+---------------
newbie  | newbie   | mygamedb      | myapp        | players    | INSERT         | YES          | NO
newbie  | newbie   | mygamedb      | myapp        | players    | SELECT         | YES          | YES
newbie  | newbie   | mygamedb      | myapp        | players    | UPDATE         | YES          | NO
newbie  | newbie   | mygamedb      | myapp        | players    | DELETE         | YES          | NO
newbie  | user1    | mygamedb      | myapp        | players    | INSERT         | NO           | NO
newbie  | user1    | mygamedb      | myapp        | players    | SELECT         | NO           | YES
newbie  | user1    | mygamedb      | myapp        | players    | UPDATE         | NO           | NO
newbie  | user1    | mygamedb      | myapp        | players    | DELETE         | NO           | NO
newbie  | batch_rw | mygamedb      | myapp        | players    | INSERT         | NO           | NO
newbie  | batch_rw | mygamedb      | myapp        | players    | SELECT         | NO           | YES
newbie  | batch_rw | mygamedb      | myapp        | players    | UPDATE         | NO           | NO
newbie  | batch_rw | mygamedb      | myapp        | players    | DELETE         | NO           | NO

Logged in with psql as user1, and now DDL queries work fine

mygamedb=> select * from myapp.players;

p_id | p_name | p_username
-----+--------+-----------

Any idea what I am missing here? Why does granting the privileges to the user not work, while granting them to the role does?

0 answers:

No answers