usage权限的使用与管理
Posted 瀚高PG实验室
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了usage权限的使用与管理相关的知识,希望对你有一定的参考价值。
作者:瀚高PG实验室 (Highgo PG Lab)
目录
文档用途
详细信息
文档用途
了解usage权限的使用与管理
详细信息
场景1 :只授权usage on schema 权限
session 1:
--创建test用户,并将highgo模式赋予test用户。
| highgo=# create user test with password 'password'; CREATE ROLE highgo=# grant USAGE on SCHEMA highgo to test ; GRANT
highgo=# \\dn highgo List of schemas Name | Owner --------+-------- highgo | highgo |
session 2:
--登陆readonly用户可以查询highgo模式下现存的所有表。
| highgo=# \\c highgo test
highgo=> select * from highgo. highgo.big_table highgo.dept highgo.ump highgo.bonus highgo.pgdo highgo=> select * from highgo.ump ; pid | event_type | event | queryid | count ---------+---------------+-------------------------+-----------------+-------- 14764 | IO | DataFileRead | 0 | 3 14986 | IPC | MessageQueuInternal | 3876349911 | 1 14767 | Activity | LogicalLauncherMain | 0 | 273690 14986 | IO | DataFileImmediateSync | 0 | 1 14760 | Activity | AutoVacumMain | 0 | 273622 14765 | Extension | Extension | 0 | 268108 14757 | Activity | CheckpointerMain | 0 | 273344 16728 | Client | ClientRead | 0 | 1454 14765 | IPC | MessageQueuInternal | 4242708246 | 1 14757 | IO | DataFileSync | 0 | 1 16741 | Client | ClientRead | 0 | 44655 14758 | Activity | BgWriterHibernte | 0 | 256733 14758 | Activity | BgWriterMain | 0 | 16926 14757 | IO | DataFileWrite | 0 | 1 16425 | Client | ClientRead | 0 | 30320 14765 | LWLock | lock_manager | 0 | 1 14986 | Client | ClientRead | 0 | 253179 14759 | Activity | WalWriterMain | 0 | 273673 (18 rows)
|
切换到session1创建新表t1
| highgo=# create table t1 as select * from ump; |
切换到session2 test用户下,t1表无法查询
|
highgo=> select * from highgo. highgo.big_table highgo.dept highgo.t1 highgo.bonus highgo.pgdo highgo.ump
highgo=> select * from highgo.t1; ERROR: 42501: permission denied for relation t1 |
总结:如果只授予 usage on schema 权限,test只能查看 highgo 模式下已经存在的表和对象。
在授予 usage on schema 权限之后创建的新表无法查看。
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
场景2:授予usage on schema权限之后 ,再赋予 select on all tables in schema权限
针对场景1 [ERROR: 42501: permission denied for relation t1] 错误的处理
| highgo=> select * from highgo. highgo.big_table highgo.dept highgo.t1 highgo.bonus highgo.pgdo highgo.ump
highgo=> select * from highgo.t1; ERROR: 42501: permission denied for relation t1 |
session1:授权test用户select on all tables 权限
| highgo=# grant select on all tables in schema highgo TO test ; GRANT |
session2: test用户查询t1表
| highgo=> select * from highgo.t1 ; pid | event_type | event | queryid | count ---------+---------------+-------------------------+-----------------+-------- 14764 | IO | DataFileRead | 0 | 3 14986 | IPC | MessageQueuInternal | 3876349911 | 1 14767 | Activity | LogicalLauncherMain | 0 | 273690 14986 | IO | DataFileImmediateSync | 0 | 1 14760 | Activity | AutoVacumMain | 0 | 273622 14765 | Extension | Extension | 0 | 268108 14757 | Activity | CheckpointerMain | 0 | 273344 16728 | Client | ClientRead | 0 | 1454 14765 | IPC | MessageQueuInternal | 4242708246 | 1 14757 | IO | DataFileSync | 0 | 1 16741 | Client | ClientRead | 0 | 44655 14758 | Activity | BgWriterHibernte | 0 | 256733 14758 | Activity | BgWriterMain | 0 | 16926 14757 | IO | DataFileWrite | 0 | 1 16425 | Client | ClientRead | 0 | 30320 14765 | LWLock | lock_manager | 0 | 1 14986 | Client | ClientRead | 0 | 253179 14759 | Activity | WalWriterMain | 0 | 273673 (18 rows) |
session1:登陆 highgo 用户的 highgo 模式下创建新表 t2
| highgo=# create table t2 as select * from ump ; SELECT 18 |
session2:test用户查询t2表权限不足
| highgo=> select * from highgo.t2; ERROR: 42501: permission denied for relation t2 |
session1:再次赋予 grant select on all tables
| highgo=# grant select on all tables in schema highgo TO test ; GRANT |
session2:test用户又可以查看 t2 表
| highgo=> select * from highgo.t2 ; pid | event_type | event | queryid | count ---------+---------------+-------------------------+-----------------+-------- 14764 | IO | DataFileRead | 0 | 3 14986 | IPC | MessageQueuInternal | 3876349911 | 1 14767 | Activity | LogicalLauncherMain | 0 | 273690 14986 | IO | DataFileImmediateSync | 0 | 1 14760 | Activity | AutoVacumMain | 0 | 273622 14765 | Extension | Extension | 0 | 268108 14757 | Activity | CheckpointerMain | 0 | 273344 16728 | Client | ClientRead | 0 | 1454 14765 | IPC | MessageQueuInternal | 4242708246 | 1 14757 | IO | DataFileSync | 0 | 1 16741 | Client | ClientRead | 0 | 44655 14758 | Activity | BgWriterHibernte | 0 | 256733 14758 | Activity | BgWriterMain | 0 | 16926 14757 | IO | DataFileWrite | 0 | 1 16425 | Client | ClientRead | 0 | 30320 14765 | LWLock | lock_manager | 0 | 1 14986 | Client | ClientRead | 0 | 253179 14759 | Activity | WalWriterMain | 0 | 273673 (18 rows) |
更多详细信息请登录【瀚高技术支持平台】查看https://support.highgo.com/#/index/docContentHighgo/5ec1f71d00ef9617
以上是关于usage权限的使用与管理的主要内容,如果未能解决你的问题,请参考以下文章