Understanding the use and management of the USAGE privilege
Scenario 1: grant only the USAGE ON SCHEMA privilege
session 1:
-- Create the test user and grant it USAGE on the highgo schema.
highgo=# create user test with password 'password';
CREATE ROLE
highgo=# grant USAGE on SCHEMA highgo to test ;
GRANT
highgo=# \dn highgo
List of schemas
  Name  | Owner
--------+--------
 highgo | highgo
session 2:
-- Log in as the read-only user; it can query all tables that currently exist in the highgo schema.
highgo=# \c highgo test
highgo=> select * from highgo.
highgo.big_table  highgo.dept  highgo.ump  highgo.bonus  highgo.pgdo
highgo=> select * from highgo.ump ;
   pid   |  event_type   |          event          |     queryid     | count
---------+---------------+-------------------------+-----------------+--------
   14764 | IO            | DataFileRead            |               0 |      3
   14986 | IPC           | MessageQueuInternal     |      3876349911 |      1
   14767 | Activity      | LogicalLauncherMain     |               0 | 273690
   14986 | IO            | DataFileImmediateSync   |               0 |      1
   14760 | Activity      | AutoVacumMain           |               0 | 273622
   14765 | Extension     | Extension               |               0 | 268108
   14757 | Activity      | CheckpointerMain        |               0 | 273344
   16728 | Client        | ClientRead              |               0 |   1454
   14765 | IPC           | MessageQueuInternal     |      4242708246 |      1
   14757 | IO            | DataFileSync            |               0 |      1
   16741 | Client        | ClientRead              |               0 |  44655
   14758 | Activity      | BgWriterHibernte        |               0 | 256733
   14758 | Activity      | BgWriterMain            |               0 |  16926
   14757 | IO            | DataFileWrite           |               0 |      1
   16425 | Client        | ClientRead              |               0 |  30320
   14765 | LWLock        | lock_manager            |               0 |      1
   14986 | Client        | ClientRead              |               0 | 253179
   14759 | Activity      | WalWriterMain           |               0 | 273673
(18 rows)
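Switch to session 1 and create a new table t1
highgo=# create table t1 as select * from ump;
Switch to session 2: as the test user, table t1 cannot be queried
highgo=> select * from highgo.
highgo.big_table  highgo.dept  highgo.t1  highgo.bonus  highgo.pgdo  highgo.ump
highgo=> select * from highgo.t1;
ERROR: 42501: permission denied for relation t1
Summary: if only the USAGE ON SCHEMA privilege is granted, test can only see the tables and objects that already exist in the highgo schema.
New tables created after the USAGE ON SCHEMA privilege was granted cannot be seen.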
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Scenario 2: after granting the USAGE ON SCHEMA privilege, also grant the SELECT ON ALL TABLES IN SCHEMA privilege
Handling the [ERROR: 42501: permission denied for relation t1] error from scenario 1
highgo=> select * from highgo.
highgo.big_table  highgo.dept  highgo.t1  highgo.bonus  highgo.pgdo  highgo.ump
highgo=> select * from highgo.t1;
ERROR: 42501: permission denied for relation t1
session 1: grant the test user the SELECT ON ALL TABLES privilege
highgo=# grant select on all tables in schema highgo TO test ;
GRANT
session 2: the test user queries table t1
highgo=> select * from highgo.t1 ;
   pid   |  event_type   |          event          |     queryid     | count
---------+---------------+-------------------------+-----------------+--------
   14764 | IO            | DataFileRead            |               0 |      3
   14986 | IPC           | MessageQueuInternal     |      3876349911 |      1
   14767 | Activity      | LogicalLauncherMain     |               0 | 273690
   14986 | IO            | DataFileImmediateSync   |               0 |      1
   14760 | Activity      | AutoVacumMain           |               0 | 273622
   14765 | Extension     | Extension               |               0 | 268108
   14757 | Activity      | CheckpointerMain        |               0 | 273344
   16728 | Client        | ClientRead              |               0 |   1454
   14765 | IPC           | MessageQueuInternal     |      4242708246 |      1
   14757 | IO            | DataFileSync            |               0 |      1
   16741 | Client        | ClientRead              |               0 |  44655
   14758 | Activity      | BgWriterHibernte        |               0 | 256733
   14758 | Activity      | BgWriterMain            |               0 |  16926
   14757 | IO            | DataFileWrite           |               0 |      1
   16425 | Client        | ClientRead              |               0 |  30320
   14765 | LWLock        | lock_manager            |               0 |      1
   14986 | Client        | ClientRead              |               0 | 253179
   14759 | Activity      | WalWriterMain           |               0 | 273673
(18 rows)
session 1: logged in as the highgo user, create a new table t2 in the highgo schema
highgo=# create table t2 as select * from ump ;
SELECT 18
session 2: the test user has insufficient privileges to query table t2
highgo=> select * from highgo.t2;
ERROR: 42501: permission denied for relation t2
session 1: grant SELECT ON ALL TABLES once more
highgo=# grant select on all tables in schema highgo TO test ;
GRANT
session 2: the test user can now view table t2
highgo=> select * from highgo.t2 ;
   pid   |  event_type   |          event          |     queryid     | count
---------+---------------+-------------------------+-----------------+--------
   14764 | IO            | DataFileRead            |               0 |      3
   14986 | IPC           | MessageQueuInternal     |      3876349911 |      1
   14767 | Activity      | LogicalLauncherMain     |               0 | 273690
   14986 | IO            | DataFileImmediateSync   |               0 |      1
   14760 | Activity      | AutoVacumMain           |               0 | 273622
   14765 | Extension     | Extension               |               0 | 268108
   14757 | Activity      | CheckpointerMain        |               0 | 273344
   16728 | Client        | ClientRead              |               0 |   1454
   14765 | IPC           | MessageQueuInternal     |      4242708246 |      1
   14757 | IO            | DataFileSync            |               0 |      1
   16741 | Client        | ClientRead              |               0 |  44655
   14758 | Activity      | BgWriterHibernte        |               0 | 256733
   14758 | Activity      | BgWriterMain            |               0 |  16926
   14757 | IO            | DataFileWrite           |               0 |      1
   16425 | Client        | ClientRead              |               0 |  30320
   14765 | LWLock        | lock_manager            |               0 |      1
   14986 | Client        | ClientRead              |               0 | 253179
   14759 | Activity      | WalWriterMain           |               0 | 273673
(18 rows)
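Scenario 2 has to repeat the GRANT after every new table; default privileges remove that step. The following is an added example, not part of the original page: it assumes HighGo DB accepts the standard PostgreSQL ALTER DEFAULT PRIVILEGES statement, the has_*_privilege functions and the pg_default_acl catalog, reuses the page's names (schema highgo, owner role highgo, grantee test), and uses a hypothetical table t3.

```sql
-- Added example (assumption: PostgreSQL-compatible syntax and catalogs).
-- Run as the highgo role, i.e. "session 1" on this page.

-- 1. Audit: does test hold USAGE on the schema, and which relations can it read?
SELECT has_schema_privilege('test', 'highgo', 'USAGE') AS schema_usage;

SELECT c.relname,
       has_table_privilege('test', c.oid, 'SELECT') AS can_select
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'highgo'
  AND c.relkind IN ('r', 'p', 'v', 'm')   -- tables, partitioned tables, views, matviews
ORDER BY c.relname;

-- 2. Cover the relations that exist right now (same statement as in scenario 2).
GRANT SELECT ON ALL TABLES IN SCHEMA highgo TO test;

-- 3. Cover relations created later. Default privileges are keyed to the
--    creating role: only tables that role highgo creates in schema highgo
--    pick up this grant. Tables created by any other role still need their
--    own GRANT or their own ALTER DEFAULT PRIVILEGES entry.
ALTER DEFAULT PRIVILEGES FOR ROLE highgo IN SCHEMA highgo
    GRANT SELECT ON TABLES TO test;

-- 4. Check with a table created after step 3 (t3 is hypothetical):
--    the privilege test needs no further GRANT.
CREATE TABLE highgo.t3 AS SELECT * FROM highgo.ump;
SELECT has_table_privilege('test', 'highgo.t3', 'SELECT') AS can_select_t3;
DROP TABLE highgo.t3;

-- 5. Review which default-privilege entries are in force, so a read-only
--    role does not silently keep access after it should have been removed.
SELECT pg_get_userbyid(d.defaclrole) AS creating_role,
       n.nspname                     AS schema_name,
       d.defaclobjtype               AS object_type,
       d.defaclacl                   AS default_acl
FROM pg_default_acl d
LEFT JOIN pg_namespace n ON n.oid = d.defaclnamespace;

-- To withdraw the automatic grant later:
-- ALTER DEFAULT PRIVILEGES FOR ROLE highgo IN SCHEMA highgo
--     REVOKE SELECT ON TABLES FROM test;
```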
For more details, log in to the HighGo Technical Support Platform: https://support.highgo.com/#/index/docContentHighgo/5ec1f71d00ef9617