zoukankan      html  css  js  c++  java
  • PostgreSQL在哪里存放默认的权限

    先创建一个测试用户

    postgres=# create user abce with login password 'abce';
    CREATE ROLE
    postgres=# create schema t;
    CREATE SCHEMA
    postgres=# alter default privileges in schema t grant select on tables to abce;
    ALTER DEFAULT PRIVILEGES
    postgres=# 
    

    目录表pg_user中有个列:useconfig。我们可能会觉得是存在这里:

    postgres=# d pg_user
                    View "pg_catalog.pg_user"
        Column    |  Type   | Collation | Nullable | Default 
    --------------+---------+-----------+----------+---------
     usename      | name    |           |          | 
     usesysid     | oid     |           |          | 
     usecreatedb  | boolean |           |          | 
     usesuper     | boolean |           |          | 
     userepl      | boolean |           |          | 
     usebypassrls | boolean |           |          | 
     passwd       | text    |           |          | 
     valuntil     | abstime |           |          | 
     useconfig    | text[]  |           |          | 
    
    postgres=# select * from pg_user where usename='abce';
     usename | usesysid | usecreatedb | usesuper | userepl | usebypassrls |  passwd  | valuntil | useconfig 
    ---------+----------+-------------+----------+---------+--------------+----------+----------+-----------
     abce    |    74849 | f           | f        | f       | f            | ******** |          | 
    (1 row)
    
    postgres=# 
    

    但是,这里并没有存储默认的权限。

    再来看看目录表pg_namespace

    postgres=# select * from pg_namespace where nspname='t';
     nspname | nspowner | nspacl 
    ---------+----------+--------
     t       |       10 | 
    (1 row)
    
    postgres=# 
    

    也没有存放在pg_namespace表中。但是,这里却给了我们一个提示:ACL(访问控制列表)。让我们来看看是否有相关的目录表存在:

    postgres=# select * from pg_tables where tablename like '%acl%';
     schemaname |   tablename    | tableowner | tablespace | hasindexes | hasrules | hastriggers | rowsecurity 
    ------------+----------------+------------+------------+------------+----------+-------------+-------------
     pg_catalog | pg_default_acl | postgres   |            | t          | f        | f           | f
    (1 row)
    
    postgres=# 
    

    可以看到,有个pg_default_acl目录表。

    继续往下查看:

    postgres=# select * from pg_default_acl where defaclnamespace='t'::regnamespace;
     defaclrole | defaclnamespace | defaclobjtype |     defaclacl     
    ------------+-----------------+---------------+-------------------
             10 |           74850 | r             | {abce=r/postgres}
    (1 row)
    
    postgres=# 
    

    这里“abce=r”表示用户abce在所有对象上有read的权限。

    再次尝试修改abce的默认权限:

    postgres=# alter default privileges in schema t grant insert on tables to abce;
    ALTER DEFAULT PRIVILEGES
    postgres=# select * from pg_default_acl where defaclnamespace='t'::regnamespace;
     defaclrole | defaclnamespace | defaclobjtype |     defaclacl      
    ------------+-----------------+---------------+--------------------
             10 |           74850 | r             | {abce=ar/postgres}
    (1 row)
    
    postgres=# 
    

    现在abce就被增加a权限,a表示append(insert)。权限的缩写以及含义可以查看文档:https://www.postgresql.org/docs/current/ddl-priv.html

    这里的“/postgres”表示schema的属主。

    postgres=# alter user abce superuser;
    ALTER ROLE
    postgres=# c postgres abce
    You are now connected to database "postgres" as user "abce".
    postgres=# create schema t2;
    CREATE SCHEMA
    postgres=# select * from pg_default_acl where defaclnamespace='t2'::regnamespace;
     defaclrole | defaclnamespace | defaclobjtype | defaclacl 
    ------------+-----------------+---------------+-----------
    (0 rows)
    
    postgres=# create user abce2;
    CREATE ROLE
    postgres=# alter default privileges in schema t2 grant select on tables to abce2;
    ALTER DEFAULT PRIVILEGES
    postgres=# select * from pg_default_acl where defaclnamespace='t2'::regnamespace;
     defaclrole | defaclnamespace | defaclobjtype |   defaclacl    
    ------------+-----------------+---------------+----------------
          74849 |           74852 | r             | {abce2=r/abce}
    (1 row)
    
    postgres=# 
    

      

  • 相关阅读:
    启动mysql时显示:/tmp/mysql.sock 不存在的解决方法
    python在使用MySQLdb模块时报Can't extract file(s) to egg cacheThe following error occurred while trying to extract file(s) to the Python eggcache的错误。
    文档发布测试
    我的日常
    CSS-基础优化策略
    Git-基本操作
    Git-配置SSH公钥
    Git-免密提交
    Wx-mpvue开发小程序
    Vue-移动端开发全家桶
  • 原文地址:https://www.cnblogs.com/abclife/p/13900935.html
Copyright © 2011-2022 走看看