
Database User Privilege Management (Part 1)

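A user's privileges fall into two broad classes.
The first class is specified when the user is created:
Login (login) [note: a user comes with the login privilege by default, a role does not]
Creating users and roles (createuser/role)
Privilege inheritance (inherit)
Creating databases (createdb)
Superuser (superuser)
and so on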

Example:

highgo=# create role trole with createrole inherit;
CREATE ROLE
highgo=# \c highgo trole;
????:  28000: ?????"trole" ????
Previous connection kept
highgo=# alter user trole with login;
ALTER ROLE
highgo=# \c highgo trole;

PSQL: Release 4.1.1
Connected to:
HighGo Database V4.1 Enterprise Edition Release 4.1.1 - 64-bit Production

You are now connected to database "highgo" as user "trole".
highgo=> 

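The second class is managed with grant and revoke:
Creating temporary tables, schemas, ordinary tables, functions, and so on in a database
Inserting, deleting, updating, and querying data in the database
Querying, using, and updating sequences
Granting one user's privileges to another user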
......

To grant a user/role the privilege to operate on a logical database object, use the following form:

GRANT privileges ON  database_obj  TO user_name;

Example:
grant  select,insert on table test to test;

highgo=> \c highgo test

PSQL: Release 4.1.1
Connected to:
HighGo Database V4.1 Enterprise Edition Release 4.1.1 - 64-bit Production

You are now connected to database "highgo" as user "test".
highgo=> select * from test limit 6;
錯誤:  42501: 對關係 test 許可權不夠
highgo=> \c highgo highgo

PSQL: Release 4.1.1
Connected to:
HighGo Database V4.1 Enterprise Edition Release 4.1.1 - 64-bit Production

You are now connected to database "highgo" as user "highgo".
highgo=# grant  select,insert on table test to test;
GRANT
highgo=# \c highgo test;

PSQL: Release 4.1.1
Connected to:
HighGo Database V4.1 Enterprise Edition Release 4.1.1 - 64-bit Production

You are now connected to database "highgo" as user "test".
highgo=> select * from test limit 6;
 id | name  | profession 
----+-------+------------
  1 | TOM   | accounting
  1 | JERRY | accounting
  2 | JERRY | accounting
  2 | JUGG  | Business
 10 | 瀚高  | 基礎軟體
 11 | 瀚高  | 基礎軟體
(6 rows)

BY  海無涯
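
The two privilege classes described above can be audited separately. The following is an added example, not part of the original post: it reuses the role names trole and test and the table test from the sessions above, and assumes HighGo exposes the standard PostgreSQL catalog view pg_roles, information_schema.role_table_grants and has_table_privilege(), with the queries run as the superuser highgo.

```sql
-- Class 1: attributes set by CREATE/ALTER ROLE, stored per role in pg_roles.
SELECT rolname, rolcanlogin, rolsuper, rolcreaterole, rolcreatedb, rolinherit
FROM pg_roles
WHERE rolname IN ('trole', 'test')
ORDER BY rolname;

-- Review list: roles that can log in AND hold an elevated attribute.
-- After "alter user trole with login" above, trole (createrole) appears here.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb
FROM pg_roles
WHERE rolcanlogin
  AND (rolsuper OR rolcreaterole OR rolcreatedb)
ORDER BY rolname;

-- Class 2: object privileges handed out with GRANT.
-- is_grantable = 'YES' means the grantee may pass the privilege on.
SELECT grantee, table_schema, table_name, privilege_type, is_grantable
FROM information_schema.role_table_grants
WHERE grantee = 'test'
ORDER BY table_schema, table_name, privilege_type;

-- Effective check: has_table_privilege() also counts privileges obtained
-- through role membership or PUBLIC, which the view above does not list
-- under the role's own name.
SELECT has_table_privilege('test', 'test', 'SELECT') AS can_select,
       has_table_privilege('test', 'test', 'INSERT') AS can_insert,
       has_table_privilege('test', 'test', 'DELETE') AS can_delete;

-- Tightening, one statement per class (illustrative; apply only if the
-- account does not need the capability):
REVOKE INSERT ON TABLE test FROM test;   -- class 2: undo part of the GRANT
ALTER ROLE trole WITH NOLOGIN;           -- class 1: back to a non-login role
```

After the GRANT shown in the session, the effective check should report SELECT and INSERT as true and DELETE as false for test.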