如何在CloudSQL上创建只读PostgreSQL用户?
我以postgres用户的身份连接到我正在使用的数据库。例如,应用程序制作。然后我运行了这些命令,如中所述: postgres用户似乎没有足够的权限。 如何授予data studio用户对users表的读取权限 测试答案1 在我新创建的martins_测试表上工作 但不是在运行rake db:create preciously创建的旧用户表上 用户表是使用错误的权限创建的吗 列出权限如何在CloudSQL上创建只读PostgreSQL用户?,postgresql,google-cloud-sql,Postgresql,Google Cloud Sql,我以postgres用户的身份连接到我正在使用的数据库。例如,应用程序制作。然后我运行了这些命令,如中所述: postgres用户似乎没有足够的权限。 如何授予data studio用户对users表的读取权限 测试答案1 在我新创建的martins_测试表上工作 但不是在运行rake db:create preciously创建的旧用户表上 用户表是使用错误的权限创建的吗 列出权限 我查看了您提到的页面,并执行了以下步骤: 连接到云SQL实例: psql -h $HOST -U postgre
我查看了您提到的页面,并执行了以下步骤: 连接到云SQL实例:
psql -h $HOST -U postgres -W -d app_development
Password for user postgres:
psql (9.6.10, server 9.6.6)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES128-GCM-SHA256, bits: 128, compression: off)
Type "help" for help.
已创建表用户:
创建用户/角色data studio并授予与该架构的连接:
app_development=> CREATE USER "data-studio";
CREATE ROLE
app_development=> \password "data-studio"
Enter new password:
Enter it again:
app_development=> GRANT CONNECT ON DATABASE app_development TO "data-studio";
GRANT
并最终授予表的SELECT权限:
app_development=> GRANT SELECT ON users TO "data-studio";
GRANT
要测试它是否有效,请与data studio用户连接:
psql -h 104.154.148.111 -U "data-studio" -W -d app_development
Password for user data-studio:
psql (9.6.10, server 9.6.6)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES128-GCM-SHA256, bits: 128, compression: off)
Type "help" for help.
app_development=> select * from users;
id
----
(0 rows)
app_development=> insert into users (id) values (1);
ERROR: permission denied
在这个链接上有一条评论显示第一个命令是错误的。我希望这能有所帮助。当我按照您的描述创建一个表时,您的建议会起作用。但不在现有用户表上。你知道为什么吗?我在原始问题中添加了我尝试的日志。
_production=> \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-------------------+-------------------+----------+------------+------------+-----------------------------------------
cloudsqladmin | cloudsqladmin | UTF8 | en_US.UTF8 | en_US.UTF8 |
app_production | cloudsqlsuperuser | UTF8 | en_US.UTF8 | en_US.UTF8 | =Tc/cloudsqlsuperuser +
| | | | | cloudsqlsuperuser=CTc/cloudsqlsuperuser+
| | | | | "data-studio"=c/cloudsqlsuperuser +
| | | | | datastudio=c/cloudsqlsuperuser
postgres | cloudsqlsuperuser | UTF8 | en_US.UTF8 | en_US.UTF8 |
template0 | cloudsqladmin | UTF8 | en_US.UTF8 | en_US.UTF8 | =c/cloudsqladmin +
| | | | | cloudsqladmin=CTc/cloudsqladmin
template1 | cloudsqlsuperuser | UTF8 | en_US.UTF8 | en_US.UTF8 | =c/cloudsqlsuperuser +
| | | | | cloudsqlsuperuser=CTc/cloudsqlsuperuser
(5 rows)
psql -h $HOST -U postgres -W -d app_development
Password for user postgres:
psql (9.6.10, server 9.6.6)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES128-GCM-SHA256, bits: 128, compression: off)
Type "help" for help.
app_development=> create table users (id int);
CREATE TABLE
app_development=> CREATE USER "data-studio";
CREATE ROLE
app_development=> \password "data-studio"
Enter new password:
Enter it again:
app_development=> GRANT CONNECT ON DATABASE app_development TO "data-studio";
GRANT
app_development=> GRANT SELECT ON users TO "data-studio";
GRANT
psql -h 104.154.148.111 -U "data-studio" -W -d app_development
Password for user data-studio:
psql (9.6.10, server 9.6.6)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES128-GCM-SHA256, bits: 128, compression: off)
Type "help" for help.
app_development=> select * from users;
id
----
(0 rows)
app_development=> insert into users (id) values (1);
ERROR: permission denied