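Postgresql: Does not include, and does not include sequences either. Unfortunately, it is much more complicated than that. I will post what I ended up doing after I have verified it again. In your script above, you try to create the role twice. I suspect you intended to use "ALTER ROLE…" when enabling login for the role and setting the password (if you already have the user), after creating the read-only role and granting select per_Postgresql - Fatal编程技术网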


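Does not include, and does not include sequences either.

Unfortunately, it is much more complicated than that. I will post what I ended up doing after I have verified it again.

In your script above, you try to create the role twice. I suspect you intended to use "ALTER ROLE…" when enabling login for the role and setting the password (if you already have the user), after creating the read-only role and granting select perms, grant the new role to the user: grant read-only permission

I had to be in the specific database for this to work. Postgresql 9.5.

This only works for existing tables in the schema. If the write user later creates or replaces tables, the read-only user will not be able to access them.

This is a very good answer, with just one thing missing:
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO Read_Only_User
to also allow reading all tables created in the same database in the future.

Allowing a read-only user to access sequences is unusual. Reading a sequence updates it, and they are usually only used for INSERTs.

For completeness, you may want to add:
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA schema_name TO Read_Only_User

@jpmc26: Does that mean you recommend:
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA schema_name TO Read_Only_User?

@FabienHaddadi It means that unless you have some unconventional need, I don't think it is necessary to grant any privileges on sequences to a read-only user.

This is a huge security risk. The first command the user issues only has to be: set transaction_read_only=off;

拉斯吉德 is right. Please do not run this on any database; always at least change "username" to something else and "userpass" to something secure.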
GRANT SELECT ON mydb.* TO 'xxx'@'%' IDENTIFIED BY 'yyy';

postgres=# CREATE ROLE xxx LOGIN PASSWORD 'yyy';
postgres=# GRANT SELECT ON DATABASE mydb TO xxx;

postgres=# grant select on db_name.table_name to read_only_user;

GRANT CONNECT ON DATABASE mydb TO xxx;

-- This assumes you're actually connected to mydb..
GRANT USAGE ON SCHEMA public TO xxx;

GRANT SELECT ON mytable TO xxx;

GRANT SELECT ON ALL TABLES IN SCHEMA public TO xxx;

ALTER DEFAULT PRIVILEGES IN SCHEMA public
   GRANT SELECT ON TABLES TO xxx;

SELECT 'GRANT SELECT ON ' || relname || ' TO xxx;'
FROM pg_class JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace
WHERE nspname = 'public' AND relkind IN ('r', 'v', 'S');

test=> GRANT SELECT ON ALL TABLES IN SCHEMA public TO joeuser;

$ sudo -upostgres psql postgres
postgres=# CREATE ROLE readonly WITH LOGIN ENCRYPTED PASSWORD '<USE_A_NICE_STRONG_PASSWORD_PLEASE>';
postgres=# GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;
$ echo "hostssl <PUT_DBNAME_HERE> <PUT_READONLY_USERNAME_HERE> 0.0.0.0/0 md5" | sudo tee -a /etc/postgresql/9.2/main/pg_hba.conf
$ sudo service postgresql reload

-- This will prevent default users from creating tables
REVOKE CREATE ON SCHEMA public FROM public;

-- If you want to grant a write user permission to create tables
-- note that superusers will always be able to create tables anyway
GRANT CREATE ON SCHEMA public to writeuser;

-- Now create the read-only user
CREATE ROLE readonlyuser WITH LOGIN ENCRYPTED PASSWORD 'strongpassword';
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonlyuser;

-- You can either grant USAGE to everyone
GRANT USAGE ON SCHEMA public TO public;

-- Or grant it just to your read only user
GRANT USAGE ON SCHEMA public TO readonlyuser;

CREATE ROLE Read_Only_User WITH LOGIN PASSWORD 'Test1234'
NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL 'infinity';
GRANT CONNECT ON DATABASE YourDatabaseName TO Read_Only_User;
GRANT USAGE ON SCHEMA public TO Read_Only_User;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO Read_Only_User;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO Read_Only_User;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO Read_Only_User;

db=> GRANT SELECT ON ALL TABLES IN SCHEMA public to readonlyuser;
GRANT
db=> GRANT CONNECT ON DATABASE mydatabase to readonlyuser;
GRANT
db=> GRANT SELECT ON ALL SEQUENCES IN SCHEMA public to readonlyuser;
GRANT
db=> ALTER USER readonlyuser SET search_path=customschema, public;
ALTER ROLE

user@server:~$ sudo su - postgres
postgres@server:~$ createuser --interactive
Enter name of role to add: readonly
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
postgres@server:~$ psql
psql (10.6 (Ubuntu 10.6-0ubuntu0.18.04.1), server 9.5.14)
Type "help" for help.

postgres=# alter user readonly with password 'readonly';
ALTER ROLE
postgres=# \c target_database
psql (10.6 (Ubuntu 10.6-0ubuntu0.18.04.1), server 9.5.14)
You are now connected to database "target_database" as user "postgres".
target_database=# GRANT CONNECT ON DATABASE target_database TO readonly;
GRANT

target_database=# GRANT USAGE ON SCHEMA public TO readonly ;
GRANT

target_database=# GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly ;
GRANT
target_database=# ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly;
ALTER DEFAULT PRIVILEGES

CREATE USER username SUPERUSER  password 'userpass';
ALTER USER username set default_transaction_read_only = on;

GRANT pg_read_all_data TO xxx;
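
The grants discussed above combined into one script, as an added example that is not part of the original answers. It assumes a database mydb and an existing table-owning role writeuser; the role names readonly and report_user are hypothetical, and the two closing queries audit what the login role can actually do.

```sql
-- Added example, not from the original answers. Assumed names: database mydb,
-- table-owning role writeuser; readonly and report_user are hypothetical.
-- Run as a superuser while connected to mydb.

-- 1. Privileges go on a NOLOGIN group role; the login role is a member of it.
CREATE ROLE readonly NOLOGIN;
CREATE ROLE report_user LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE IN ROLE readonly;
-- Set the password with psql's \password report_user so the cleartext value
-- does not land in psql history or the server log.

-- 2. Keep ordinary roles from creating objects in the public schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 3. Read access to what exists now. Sequences are deliberately left out.
GRANT CONNECT ON DATABASE mydb TO readonly;
GRANT USAGE ON SCHEMA public TO readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;

-- 4. Read access to future tables. Default privileges only cover objects
--    created by the role named in FOR ROLE (the current role if omitted).
ALTER DEFAULT PRIVILEGES FOR ROLE writeuser IN SCHEMA public
    GRANT SELECT ON TABLES TO readonly;

-- default_transaction_read_only is not set: it is a session default that
-- the role can switch off itself, so it is not an access control.

-- 5. Audit: any row returned is a write-type privilege that report_user
--    effectively holds (directly, through membership, or through PUBLIC).
SELECT n.nspname, c.relname, p.priv
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN unnest(ARRAY['INSERT','UPDATE','DELETE','TRUNCATE',
                        'REFERENCES','TRIGGER']) AS p(priv)
WHERE n.nspname = 'public'
  AND c.relkind IN ('r','v','m','p','f')
  AND has_table_privilege('report_user', c.oid, p.priv);

-- 6. Audit: show the role attributes that would bypass or extend the grants.
SELECT rolsuper, rolcreatedb, rolcreaterole
FROM pg_roles WHERE rolname = 'report_user';
```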