給postgresql的登陸用戶設置只讀模式
一.說明:
讓數據庫變成只讀模式,目前PostgreSQL沒有嚴格意義上的只讀模式(如臨時表在只讀事務中還是可以使用的)。通過調整參數或設置事務模式可以將後續登錄的SESSION或者當前事務設置為只讀模式。
在只讀模式下,PostgreSQL不允許如下SQL:
When a transaction is read-only, the following SQL commands are disallowed: INSERT, UPDATE, DELETE, and COPY FROM if the table they would write to is not a temporary table; all CREATE, ALTER, and DROP commands; COMMENT, GRANT, REVOKE, TRUNCATE; and EXPLAIN ANALYZE and EXECUTE if the command they would execute is among those listed. This is a high-level notion of read-only that does not prevent all writes to disk.
上述描述引用地址:
http://blog.163.com/digoal@126/blog/static/163877040201111821118906/
二.給postgresql的登陸用戶設置只讀模式:
1.設置登陸數據庫的用戶為只讀模式:
[postgres@cacti ~]$ psql -Uuser001 -dtestdb01 -p19086 -h127.0.0.1
Password for user user001:
psql.bin (9.5.9)
Type "help" for help.
testdb01=>
testdb01=> alter user user001 set default_transaction_read_only=on;(數據庫不需要重啟也永久生效
ALTER ROLE
testdb01=> create database test001;
ERROR: permission denied to create database
testdb01=> show default_transaction_read_only;
default_transaction_read_only
-------------------------------
off
(1 row)
上述的參數設置,即使是重啟數據庫剛才設置的只讀模式也是生效的:
pg_ctl -D /data/postgresql/data -l /data/postgresql/log/postgres.log stop
pg_ctl -D /data/postgresql/data -l /data/postgresql/log/postgres.log start
[postgres@cacti ~]$ psql -Uuser001 -dtestdb01 -p19086 -h127.0.0.1
Password for user user001:
psql.bin (9.5.9)
Type "help" for help.
testdb01=> show default_transaction_read_only;
default_transaction_read_only
-------------------------------
on
(1 row)
testdb01=> create database test001;
ERROR: cannot execute CREATE DATABASE in a read-only transaction
2.設置關閉session級別的只讀模式(當然在退出數據庫sql交互窗口的時候設置的模式會失效):
testdb01=> set session default_transaction_read_only=off;
SET
testdb01=> show default_transaction_read_only;
default_transaction_read_only
-------------------------------
off
(1 row)
testdb01=> create database test001;
ERROR: permission denied to create database
testdb01=>
設置開啟session級別的只讀模式(當然在退出數據庫sql交互窗口的時候設置的模式會失效)如果重啟數據庫,則以postgresql.conf文件的配置參數default_transaction_read_only = 為準;
默認配置文件中此參數是關閉的#default_transaction_read_only = off
testdb01=> set session default_transaction_read_only=on;
SET
testdb01=>
testdb01=> show default_transaction_read_only;
default_transaction_read_only
-------------------------------
on
(1 row)
testdb01=> create database test001;
ERROR: permission denied to create database
3.不需要修改postgresql.conf配置文件參數,巧妙的解決登陸psql設置的登陸用戶的只讀模式。
testdb01=> alter user user001 set default_transaction_read_only=on;
ALTER ROLE
testdb01=> show default_transaction_read_only;
default_transaction_read_only
-------------------------------
on
(1 row)
testdb01=> create database test001;
ERROR: cannot execute CREATE DATABASE in a read-only transaction
在此處可以設置session級別的讀寫模式,
關閉session級別的只讀模式(只是臨時關閉只讀模式。退出psql交互窗口,剛才的設置便失效)
testdb01=> set session default_transaction_read_only=off;
testdb01=> alter user user001 set default_transaction_read_only=off;
永久關閉只讀模式,這樣即使是退出pgsql數據庫的交互窗口,只讀模式也是可以關閉的,除非修改配置文件參數為default_transaction_read_only =on來重啟postgresql服務才是只讀模式;
本文出自 “10931853” 博客,請務必保留此出處http://wujianwei.blog.51cto.com/10931853/1976446
給postgresql的登陸用戶設置只讀模式