创建开发库dpgsql 、测试库ppgsql、生产库ppgsql
创建开发库对象为例:
创建用户srv_qpgsql
create user srv_qpgsql with ENCRYPTED password 'srv_qpgsql';
创建schema,并赋予所有者为用户srv_qpgsql
CREATE SCHEMA qpgsql;
ALTER SCHEMA qpgsql OWNER to srv_qpgsql;
创建schema表空间
mkdir -p /data/pgsql_5432/tbs_qpgsql
CREATE TABLESPACE tbs_qpgsql OWNER srv_qpgsql LOCATION '/data/pgsql_5432/tbs_qpgsql/';
创建所有者是srv_qpgsql的数据库
CREATE DATABASE qpgsql WITH OWNER srv_qpgsql ENCODING UTF8 TEMPLATE template1 TABLESPACE tbs_qpgsql;
根据业务需求,创建只读用户:
赋予用户连接数据库权限:
GRANT CONNECT ON DATABASE prod to r_user;
切换到指定业务数据库:
postgres=# l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
prod | srv_prod | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +| | | | | postgres=CTc/postgres
(4 rows)
连接业务库
c prod
根据需求赋予相应的schema只读权限
prod=> dn
List of schemas
Name | Owner
--------------------+----------
prod | srv_prod
prod_log | srv_prod
public | postgres
赋予用户表、序列查看权限:分别赋予prod,prod_log下对象只读权限
GRANT USAGE ON SCHEMA prod to r_user;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA prod TO r_user;
GRANT SELECT ON ALL TABLES IN SCHEMA prod TO r_user;