一、环境
#配置远程连接 su postgres vim /var/lib/pgsql/9.4/data/postgresql.conf 编辑配置文件 listen_address=’localhost’ 前面的注释#去掉,并把’localhost’该为’*’; vim /etc/postgresql/8.2/main/pg_hba.conf host all all 192.168.1.0/24 password password 可以设置为trust /etc/init.d/postgresql-8.2 restart 重启服务:还有stop start命令一样的。如果配置错误可能导致无法重启
二、语法:
psql -U postgres #进入数据库 \l #查看有哪些数据库 \c postgresql #选择postgresql 这个数据库,会提示进入连接 \dt #查看所有表 \d tablename #查看某张表结构 \h #查看帮助
三、创建只读用户
#1.创建表 create table t1 ( id serial, name varchar(64) ); CREATE TABLE postgres=# \dt List of relations Schema | Name | Type | Owner --------+------+-------+---------- public | t1 | table | postgres (1 row)
2.创建用户u1 create role u1 with login password ‘123456‘; #login是赋予登录权限,否则是不能登录的 CREATE ROLE
3.赋予u1对表的只读权限(因为创建的普通用户默认是没有任何权限的) postgres=# \c - u1 FATAL: Peer authentication failed for user "u2" Previous connection kept 如果出现以上信息,则需改配置文件: vim /etc/postgresql/9.6/main/pg_hba.conf 找到下面的一行: local all postgres peer 改成: local all postgres trust 如果出现下面的错误: FATAL: Peer authentication failed foruser "mypguser" 请仍然修改pg_hba.conf文件,该下面行的peer为md5: local all all md5 # replace peer with md5 完成上面的修改后请重新加载postgresql: /etc/init.d/postgresql reload postgres=> select * from t1; ERROR: permission denied for relation t1 postgres=> \c - postgres You are now connected to database "postgres" as user "postgres". postgres=# grant select on all tables in schema public to u1; GRANT postgres=# \c - u1You are now connected to database "postgres" as user "u1". postgres=> select * from t1; id | name ----+------ (0 rows)
4.创建表t2 postgres=> \c - postgres You are now connected to database "postgres" as user "postgres". postgres=# create table t2 ( id serial, name varchar(64) ); CREATE TABLE postgres=# \dt List of relations Schema | Name | Type | Owner --------+------+-------+---------- public | t1 | table | postgres public | t2 | table | postgres (2 rows)
5.验证u1的权限 postgres=# \c - u1You are now connected to database "postgres" as user "u1". postgres=> select * from t1; id | name ----+------ (0 rows) postgres=> select * from t2; ERROR: permission denied for relation t2 可见u1是有t1表的读权限,但没有t2表的读权限,这样是不是意味着每次新建表就要赋一次权限?
6.解决办法 postgres=> \c - postgres You are now connected to database "postgres" as user "postgres". postgres=# alter default privileges in schema public grant select on tables to u1; ALTER DEFAULT PRIVILEGES # grant是赋予用户schema下当前表的权限 # alter default privileges是赋予用户schema下表的默认权限 postgres=# create table t3 ( id serial, name varchar(64) ); CREATE TABLE postgres=# \dt List of relations Schema | Name | Type | Owner --------+------+-------+---------- public | t1 | table | postgres public | t2 | table | postgres public | t3 | table | postgres (3 rows)
四、创建可更新用户
1.创建u2用户 postgres=# create role u2 with login password ‘123456‘; CREATE ROLE
2.赋予更新权限 postgres=# alter default privileges in schema public grant select,insert,update,delete on tables to u2; ALTER DEFAULT PRIVILEGES
3.创建表t4 postgres=# create table t4 ( id serial, name varchar(64) );CREATE TABLE postgres=# \dt List of relations Schema | Name | Type | Owner --------+------+-------+---------- public | t1 | table | postgres public | t2 | table | postgres public | t3 | table | postgres public | t4 | table | postgres (4 rows)
4.查看权限 postgres=# \c - u2You are now connected to database "postgres" as user "u2". postgres=> insert into t4 values ( 1, ‘aa‘ ); INSERT 0 1 postgres=> select * from t4; id | name ----+------ 1 | aa (1 row) postgres=> update t4 set name = ‘bb‘ where id = 1; UPDATE 1 postgres=> select * from t4; id | name ----+------ 1 | bb (1 row) postgres=> delete from t4 where id = 1; DELETE 1 postgres=> select * from t4; id | name ----+------ (0 rows)
5.序列的权限与解决办法 # 在insert的时候,指定列插入,主键id是serial类型会默认走sequence的下一个值,但前面 # 只赋予了表的权限,所以会出现下面的问题: postgres=> insert into t4 ( name ) values ( ‘aa‘ ); ERROR: permission denied for sequence t4_id_seq # 解决方法就是再赋一次sequence的值就行了 postgres=> \c - postgres You are now connected to database "postgres" as user "postgres". postgres=# alter default privileges in schema public grant usage on sequences to u2; ALTER DEFAULT PRIVILEGES postgres=# create table t5 ( id serial, name varchar(64) ); CREATE TABLE postgres=# \c - u2 You are now connected to database "postgres" as user "u2". postgres=> insert into t5 ( name ) values ( ‘cc‘ ); INSERT 0 1postgres=> select * from t5; id | name ----+------ 1 | cc (1 row)
五、删除用户
postgres=> \c - postgres You are now connected to database "postgres" as user "postgres". postgres=# drop role u2; ERROR: role "u2" cannot be dropped because some objects depend on it DETAIL: privileges for table t5 privileges for sequence t5_id_seq privileges for default privileges on new sequences belonging to role postgres in schema publicprivileges for table t4 privileges for default privileges on new relations belonging to role postgres in schema public # 当我们删除用户的时候,会提示有权限依赖,所以我们要删除这些权限 postgres=# alter default privileges in schema public revoke usage on sequences from u2; ALTER DEFAULT PRIVILEGES postgres=# alter default privileges in schema public revoke select,insert,delete,update on tables from u2; ALTER DEFAULT PRIVILEGES postgres=# revoke select,insert,delete,update on all tables in schema public from u2; REVOKE postgres=# revoke usage on all sequences in schema public from u2; REVOKE postgres=# drop role u2; DROP ROLE
六、修改用户密码
sudo -u postgres psql ALTER USER postgres WITH PASSWORD ‘passwd‘;
原文地址:http://tanxing.blog.51cto.com/12548898/1952746