Postgresql 只读角色和用户

Posted 2023-02-23

【中文标题】Postgresql 只读角色和用户

【英文标题】：Postgresql readonly role and user

【发布时间】：2018-07-17 17:57:32

【问题描述】：

我找不到这个问题的答案：为什么在授予权限后从表中选择会失败？

-- create new role
CREATE ROLE readonly;

-- grant access to all existing tables
GRANT CONNECT ON DATABASE shop TO readonly;
GRANT USAGE ON SCHEMA public TO readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO readonly;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO readonly;

-- grant access to all table which will be created in the future
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON SEQUENCES TO readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO readonly;

-- create user and grant role to this user
CREATE USER b_readonly WITH PASSWORD 'reAdOnLy123';
GRANT readonly TO b_readonly;

我来自 db 的错误信息如下：

错误：关系 customer_search_query SQL 的权限被拒绝 状态：42501

Postgresql 9.6.5 有什么新技巧吗？

【问题讨论】：

排除显而易见的问题：表 customer_search_query 是在架构 public 中还是可能在搜索路径上的不同架构中创建？

【参考方案1】：

您查询的表customer_search_query 可能不在公共架构中。尝试运行此命令。

GRANT SELECT ON customer_search_query TO readonly;