乱码乱a∨中文字幕,在线免费激情视频,亚洲欧美久久夜夜潮,国产在线网址

<sub id="hjl7n"></sub>

<sub id="hjl7n"></sub>

<legend id="hjl7n"></legend>

<xmp id="tx59y"><s id="tx59y"></s></xmp>

<u id="tx59y"></u>

<strong id="tx59y"><u id="tx59y"></u></strong>

首頁

營銷

財富

IDC

IT資訊

創(chuàng)業(yè)頭條

創(chuàng)業(yè)加盟

服務(wù)市場

創(chuàng)業(yè)項目加盟: 招商合作; VIP特權(quán); 最新創(chuàng)業(yè)項目; 創(chuàng)業(yè)項目排行榜

網(wǎng)站服務(wù): SEO診斷; SEO顧問

營銷推廣服務(wù): A5全媒體平臺; 品牌營銷; 企業(yè)會員; 小紅書推廣; 快手信息流開戶; 云主機(jī)優(yōu)惠

當(dāng)前位置：首頁 > 站長 > 數(shù)據(jù)庫 > 正文

品牌
標(biāo)簽
企業(yè)會員

postgresql影子用戶實(shí)踐場景分析

2021-04-22 16:56 來源：腳本之家我來投稿撤稿糾錯

　阿里云優(yōu)惠券先領(lǐng)券再下單

在實(shí)際的生產(chǎn)環(huán)境，我們經(jīng)常會碰到這樣的情況：因為業(yè)務(wù)場景需要，本部門某些重要的業(yè)務(wù)數(shù)據(jù)表需要給予其他部門查看權(quán)限，因業(yè)務(wù)的擴(kuò)展及調(diào)整，后期可能需要放開更多的表查詢權(quán)限。為解決此種業(yè)務(wù)需求，我們可以采用創(chuàng)建視圖的方式來解決，已可以通過創(chuàng)建影子用戶的方式來滿足需求，本文主要介紹影子用戶的創(chuàng)建及授權(quán)方法。

場景1：只授予usage on schema 權(quán)限

session 1:

--創(chuàng)建readonly用戶，并將test模式賦予readonly用戶。

postgres=# create user readonly with password 'postgres';
CREATE ROLE
postgres=# grant usage on schema test to readonly;
GRANT
postgres=# \dn
List of schemas
Name | Owner
-------+-------
test | postgres

session 2:

--登陸readonly用戶可以查詢test模式下現(xiàn)存的所有表。

postgres=# \c postgres readonly
You are now connected to database "postgres" as user "readonly".
postgres=> select * from test.emp ;
empno | ename | job | mgr | hiredate | sal | comm | deptno
-------+--------+-----------+------+------------+---------+---------+--------
7499 | ALLEN | SALESMAN | 7698 | 1981-02-20 | 1600.00 | 300.00 |   30
7521 | WARD | SALESMAN | 7698 | 1981-02-22 | 1250.00 | 500.00 |   30
7566 | JONES | MANAGER | 7839 | 1981-04-02 | 2975.00 |     |   20
7654 | MARTIN | SALESMAN | 7698 | 1981-09-28 | 1250.00 | 1400.00 |   30
7698 | BLAKE | MANAGER | 7839 | 1981-05-01 | 2850.00 |     |   30
7782 | CLARK | MANAGER | 7839 | 1981-06-09 | 2450.00 |     |   10
7839 | KING | PRESIDENT |   | 1981-11-17 | 5000.00 |     |   10
7844 | TURNER | SALESMAN | 7698 | 1981-09-08 | 1500.00 | 0.00 |   30
7900 | JAMES | CLERK   | 7698 | 1981-12-03 | 950.00 |     |   30
7902 | FORD | ANALYST | 7566 | 1981-12-03 | 3000.00 |     |   20
7934 | MILLER | CLERK   | 7782 | 1982-01-23 | 1300.00 |     |   10
7788 | test | ANALYST | 7566 | 1982-12-09 | 3000.00 |     |   20
7876 | ADAMS | CLERK   | 7788 | 1983-01-12 | 1100.00 |     |   20
1111 | SMITH | CLERK   | 7902 | 1980-12-17 | 800.00 |     |   20
(14 rows)

換到session 1創(chuàng)建新表t1

postgres=# create table test.t1 as select * from test.emp;CREATE TABLE

切換到session 2 readonly用戶下，t1表無法查詢

postgres=> select * from test.t1 ;
2021-03-02 15:25:33.290 CST [21059] ERROR: permission denied for table t1
2021-03-02 15:25:33.290 CST [21059] STATEMENT: select * from test.t1 ;
**ERROR: permission denied for table t1

結(jié)論：如果只授予 usage on schema 權(quán)限，readonly 只能查看 test 模式下已經(jīng)存在的表和對象。在授予 usage on schema 權(quán)限之后創(chuàng)建的新表無法查看。

場景2：授予usage on schema 權(quán)限之后，再賦予 select on all tables in schema 權(quán)限

針對上個場景session 2 **ERROR: permission denied for table t1 錯誤的處理

postgres=> select * from test.t1 ;**ERROR: permission denied for table t1

session 1：使用postgres用戶授予readonly用戶 select on all tables 權(quán)限

1postgres=# grant select on all tables in schema test TO readonly ;

session 2: readonly用戶查詢 t1 表

postgres=> select * from test.t1;
empno | ename | job | mgr | hiredate | sal | comm | deptno
-------+--------+-----------+------+------------+---------+---------+--------
7499 | ALLEN | SALESMAN | 7698 | 1981-02-20 | 1600.00 | 300.00 |   30
7521 | WARD | SALESMAN | 7698 | 1981-02-22 | 1250.00 | 500.00 |   30
7566 | JONES | MANAGER | 7839 | 1981-04-02 | 2975.00 |     |   20
7654 | MARTIN | SALESMAN | 7698 | 1981-09-28 | 1250.00 | 1400.00 |   30
7698 | BLAKE | MANAGER | 7839 | 1981-05-01 | 2850.00 |     |   30
7782 | CLARK | MANAGER | 7839 | 1981-06-09 | 2450.00 |     |   10
7839 | KING | PRESIDENT |   | 1981-11-17 | 5000.00 |     |   10
7844 | TURNER | SALESMAN | 7698 | 1981-09-08 | 1500.00 | 0.00 |   30
7900 | JAMES | CLERK   | 7698 | 1981-12-03 | 950.00 |     |   30
7902 | FORD | ANALYST | 7566 | 1981-12-03 | 3000.00 |     |   20
7934 | MILLER | CLERK   | 7782 | 1982-01-23 | 1300.00 |     |   10
7788 | test | ANALYST | 7566 | 1982-12-09 | 3000.00 |     |   20
7876 | ADAMS | CLERK   | 7788 | 1983-01-12 | 1100.00 |     |   20
1111 | SMITH | CLERK   | 7902 | 1980-12-17 | 800.00 |     |   20
(14 rows)

session1 ：postgres用戶的test模式下創(chuàng)建新表 t2

postgres=# create table test.t2 as select * from test.emp;SELECT 14

session 2：readonly用戶查詢 t2 表權(quán)限不足

postgres=> select * from test.t2 ;ERROR: permission denied for table t2

session 1：再次賦予 grant select on all tables

1postgres=# grant select on all tables in schema test TO readonly ;

session 2：readonly用戶又可以查看 T2 表

postgres=> select * from test.t2 ;
empno | ename | job | mgr | hiredate | sal | comm | deptno
-------+--------+-----------+------+------------+---------+---------+--------
7499 | ALLEN | SALESMAN | 7698 | 1981-02-20 | 1600.00 | 300.00 |   30
7521 | WARD | SALESMAN | 7698 | 1981-02-22 | 1250.00 | 500.00 |   30
7566 | JONES | MANAGER | 7839 | 1981-04-02 | 2975.00 |     |   20
7654 | MARTIN | SALESMAN | 7698 | 1981-09-28 | 1250.00 | 1400.00 |   30
7698 | BLAKE | MANAGER | 7839 | 1981-05-01 | 2850.00 |     |   30
7782 | CLARK | MANAGER | 7839 | 1981-06-09 | 2450.00 |     |   10
7839 | KING | PRESIDENT |   | 1981-11-17 | 5000.00 |     |   10
7844 | TURNER | SALESMAN | 7698 | 1981-09-08 | 1500.00 | 0.00 |   30
7900 | JAMES | CLERK   | 7698 | 1981-12-03 | 950.00 |     |   30
7902 | FORD | ANALYST | 7566 | 1981-12-03 | 3000.00 |     |   20
7934 | MILLER | CLERK   | 7782 | 1982-01-23 | 1300.00 |     |   10
7788 | test | ANALYST | 7566 | 1982-12-09 | 3000.00 |     |   20
7876 | ADAMS | CLERK   | 7788 | 1983-01-12 | 1100.00 |     |   20
1111 | SMITH | CLERK   | 7902 | 1980-12-17 | 800.00 |     |   20
(14 rows)

影子用戶創(chuàng)建

如果想讓readonly只讀用戶不在每次 postgres用戶在test模式中創(chuàng)建新表后都要手工賦予 grant select on all tables in schema test TO readonly 權(quán)限。則需要授予對test默認(rèn)的訪問權(quán)限，對于test模式新創(chuàng)建的也生效。

session 1：未來訪問test模式下所有新建的表賦權(quán)，創(chuàng)建 t5 表。

postgres=# alter default privileges in schema test grant select on tables to readonly ;
ALTER DEFAULT PRIVILEGES
postgres=# create table test.t5 as select * from test.emp;
CREATE TABLE

session 2：查詢readonly用戶

postgres=> select * from test.t5;
empno | ename | job | mgr | hiredate | sal | comm | deptno
-------+--------+-----------+------+------------+---------+---------+--------
7499 | ALLEN | SALESMAN | 7698 | 1981-02-20 | 1600.00 | 300.00 |   30
7521 | WARD | SALESMAN | 7698 | 1981-02-22 | 1250.00 | 500.00 |   30
7566 | JONES | MANAGER | 7839 | 1981-04-02 | 2975.00 |     |   20
7654 | MARTIN | SALESMAN | 7698 | 1981-09-28 | 1250.00 | 1400.00 |   30
7698 | BLAKE | MANAGER | 7839 | 1981-05-01 | 2850.00 |     |   30
7782 | CLARK | MANAGER | 7839 | 1981-06-09 | 2450.00 |     |   10
7839 | KING | PRESIDENT |   | 1981-11-17 | 5000.00 |     |   10
7844 | TURNER | SALESMAN | 7698 | 1981-09-08 | 1500.00 | 0.00 |   30
7900 | JAMES | CLERK   | 7698 | 1981-12-03 | 950.00 |     |   30
7902 | FORD | ANALYST | 7566 | 1981-12-03 | 3000.00 |     |   20
7934 | MILLER | CLERK   | 7782 | 1982-01-23 | 1300.00 |     |   10
7788 | test | ANALYST | 7566 | 1982-12-09 | 3000.00 |     |   20
7876 | ADAMS | CLERK   | 7788 | 1983-01-12 | 1100.00 |     |   20
1111 | SMITH | CLERK   | 7902 | 1980-12-17 | 800.00 |     |   20
(14 rows)

總結(jié)：影子用戶創(chuàng)建的步驟

--創(chuàng)建影子用戶
create user readonly with password 'postgres';
--將schema中usage權(quán)限賦予給readonly用戶,訪問所有已存在的表
grant usage on schema test to readonly;
grant select on all tables in schema test to readonly;
--未來訪問test模式下所有新建的表
alter default privileges in schema test grant select on tables to readonly ;

文章來源：腳本之家

來源地址：https://www.jb51.net/article/207011.htm

申請創(chuàng)業(yè)報道，分享創(chuàng)業(yè)好點(diǎn)子。點(diǎn)擊此處，共同探討創(chuàng)業(yè)新機(jī)遇！

相關(guān)文章

加載更多

熱門排行

信息推薦

編輯推薦

熱門標(biāo)簽