投稿
  1. 首页
  2. sql

PostgreSQL访问控制

webservice 2022-6-2 sql 阅读 41

PostgreSQL访问控制,第1张

概述使用GRANT和REVOKE管理权限:  The GRANT command has two basic variants: one that grants privileges on        a database object (table, column, view, foreign table, sequence,        database, foreign-data wrapp

使用GRANT和REVOKE管理权限:

The GRANT command has two basic variants: one that grants privileges on

a database object (table,column,vIEw,foreign table,sequence,

database,foreign-data wrapper,foreign server,function,procedural

language,schema,or tablespace),and one that grants membership in a

role. These variants are similar in many ways,but they are different

enough to be described separately.


这个是9.4.1最新的官方文档,pgsql的权限控制很精细,精确到子段.表,子段,试图,外表,序列,数据库,外键表的数据,外键服务器,函数,过程语言,模式,表空间

先创建测试数据:

create table member(uID serial primary key,username varchar(40),email varchar(100),password varchar(32));

insert into member(username,email,password) values('admin','admin@qq.com','e10adc3949ba59abbe56e057f20f883e'),('test','test@qq.com','e10adc3949ba59abbe56e057f20f883e');

testdb2=> select * from member;

uID | username | email | password

-----+----------+--------------+----------------------------------

1 | admin | admin@qq.com | e10adc3949ba59abbe56e057f20f883e

2 | test | test@qq.com | e10adc3949ba59abbe56e057f20f883e

(2 rows)

testdb2=> \d

List of relations

Schema | name | Type | Owner

--------+----------------+----------+-------

public | member | table | sec

public | member_uID_seq | sequence | sec

数据库:testdb2

表与数据库所属用户为sec:

回收sec在member表的所有权限:

REVOKE ALL ON sec FROM member;

再执行update,query,delete会出现错误:

testdb2=> select * from member;

ERROR: permission denIEd for relation member

查询某个表的权限:使用\dp命令

testdb2=> \dp member;

Access privileges

Schema | name | Type | Access privileges | Column access privileges

--------+--------+-------+-------------------+--------------------------

public | member | table | |

(1 row)

把回收的所有权限重新授权回去:

testdb2=> grant all on member to sec;

GRANT

testdb2=> \dp member;

Access privileges

Schema | name | Type | Access privileges | Column access privileges

--------+--------+-------+-------------------+--------------------------

public | member | table | sec=arwdDxt/sec |

(1 row)

注:上面子段access privilages中arwdDxt的解释

r -- SELECT ("read")

w -- UPDATE ("write")

a -- INSERT ("append")

d -- DELETE

D -- TruncATE

x -- REFERENCES

t -- TRIGGER

X -- EXECUTE

U -- USAGE

C -- CREATE

c -- CONNECT

T -- TEMPORARY

回收某个指定查询权限(select,update,delete,truncate,insert):

revoke select on member from sec;

REVOKE upate,delete ON member FROM sec;

授权查询的权限:

GRANT select ON member to sec;

指定子段(password)权限的授权:(以查询为例)

1,首先你需要先回收用户sec对表member的select权限

REVOKE select ON member FROM sec;

2,授予用户sec,email与username的查询权限.

GRANT select(username,password) ON member TO sec;

如果先不做第一步,那么第二步是无效的,尽管对password这个子段作权限回收也是无效的.

总结

以上是内存溢出为你收集整理的PostgreSQL访问控制全部内容,希望文章能够帮你解决PostgreSQL访问控制所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。

欢迎分享,转载请注明来源:内存溢出

原文地址: http://outofmemory.cn/sjk/1176119.html

(0)
打赏 微信扫一扫 微信扫一扫 支付宝扫一扫 支付宝扫一扫
webservice webservice 一级用户组
0 0
上一篇 2022-06-02
下一篇 2022-06-02

发表评论

登录后才能评论

评论列表(0条)

保存