pg数据库进行用户授权

方式一：通过navicat进行简单界面式操作（此处不讲解）

方式二：命令方式

• 创建用户角色

此处说明，在pg库里面用户和角色的概念其实无区别

CREATE USER/ROLE name [ [ WITH ] option [ ... ] ]  : 关键词 USER,ROLE； name 用户或角色名； where option can be:      SUPERUSER | NOSUPERUSER      :超级权限，拥有所有权限，默认nosuperuser。    | CREATEDB | NOCREATEDB        :建库权限，默认nocreatedb。    | CREATEROLE | NOCREATEROLE    :建角色权限，拥有创建、修改、删除角色，默认nocreaterole。    | INHERIT | NOINHERIT          :继承权限，可以把除superuser权限继承给其他用户/角色，默认inherit。    | LOGIN | NOLOGIN              :登录权限，作为连接的用户，默认nologin，除非是create user（默认登录）。    | REPLICATION | NOREPLICATION  :复制权限，用于物理或则逻辑复制（复制和删除slots），默认是noreplication。    | BYPASSRLS | NOBYPASSRLS      :安全策略RLS权限，默认nobypassrls。    | CONNECTION LIMIT connlimit   :限制用户并发数，默认-1，不限制。正常连接会受限制，后台连接和prepared事务不受限制。    | [ ENCRYPTED ] PASSWord 'password' | PASSWORD NULL :设置密码，密码仅用于有login属性的用户，不使用密码身份验证，则可以省略此选项。可以选择将空密码显式写为PASSWORD NULL。 加密方法由配置参数password_encryption确定，密码始终以加密方式存储在系统目录中。    | VALID UNTIL 'timestamp'      :密码有效期时间，不设置则用不失效。    | IN ROLE role_name [, ...]    :新角色将立即添加为新成员。    | IN GROUP role_name [, ...]   :同上    | ROLE role_name [, ...]       :ROLE子句列出一个或多个现有角色，这些角色自动添加为新角色的成员。 （这实际上使新角色成为“组”）。    | ADMIN role_name [, ...]      :与ROLE类似，但命名角色将添加到新角色WITH ADMIN OPTION，使他们有权将此角色的成员资格授予其他人。    | USER role_name [, ...]       :同上    | SYSID uid                    :被忽略，但是为向后兼容性而存在。

• 授权命令

  GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }    [, ...] | ALL [ PRIVILEGES ] }    ON { [ TABLE ] table_name [, ...]         | ALL TABLES IN SCHEMA schema_name [, ...] }    TO role_specification [, ...] [ WITH GRANT OPTION ] ##单表授权：授权test账号可以访问schema为test的t1表grant select,insert,update,delete on test.t1 to test;##所有表授权：##shema说明：选择的模式为public，我将public模式下的所有表的增删改查授权给角色名为test的角色grant select,insert,update,delete on all tables in schema "public" to test;  GRANT { { SELECT | INSERT | UPDATE | REFERENCES } ( column_name [, ...] )    [, ...] | ALL [ PRIVILEGES ] ( column_name [, ...] ) }    ON [ TABLE ] table_name [, ...]    TO role_specification [, ...] [ WITH GRANT OPTION ]  GRANT { { USAGE | SELECT | UPDATE }    [, ...] | ALL [ PRIVILEGES ] }    ON { SEQUENCE sequence_name [, ...]         | ALL SEQUENCES IN SCHEMA schema_name [, ...] }    TO role_specification [, ...] [ WITH GRANT OPTION ] ##序列（自增键）属性授权，指定test schema下的seq_id_seq 给test用户grant select,update on sequence test.seq_id_seq to test;##序列（自增键）属性授权，给用户test授权test schema下的所有序列grant select,update on all sequences in schema "public" to test;  GRANT { { CREATE | CONNECT | TEMPORARY | TEMP } [, ...] | ALL [ PRIVILEGES ] }    ON DATABASE database_name [, ...]    TO role_specification [, ...] [ WITH GRANT OPTION ]  GRANT { USAGE | ALL [ PRIVILEGES ] }    ON DOMaiN domain_name [, ...]    TO role_specification [, ...] [ WITH GRANT OPTION ] ##GRANT { USAGE | ALL [ PRIVILEGES ] }    ON FOREIGN DATA WRAPPER fdw_name [, ...]    TO role_specification [, ...] [ WITH GRANT OPTION ]## GRANT { USAGE | ALL [ PRIVILEGES ] }    ON FOREIGN SERVER server_name [, ...]    TO role_specification [, ...] [ WITH GRANT OPTION ]##GRANT { EXECUTE | ALL [ PRIVILEGES ] }    ON { { FUNCTION | PROCEDURE | ROUTINE } routine_name [ ( [ [ argmode ] [ arg_name ] arg_type [, ...] ] ) ] [, ...]         | ALL { FUNCTIONS | PROCEDURES | ROUTINES } IN SCHEMA schema_name [, ...] }    TO role_specification [, ...] [ WITH GRANT OPTION ]##  GRANT { USAGE | ALL [ PRIVILEGES ] }    ON LANGUAGE lang_name [, ...]    TO role_specification [, ...] [ WITH GRANT OPTION ]## GRANT { { SELECT | UPDATE } [, ...] | ALL [ PRIVILEGES ] }    ON LARGE OBJECT loid [, ...]    TO role_specification [, ...] [ WITH GRANT OPTION ]## GRANT { { CREATE | USAGE } [, ...] | ALL [ PRIVILEGES ] }    ON SCHEMA schema_name [, ...]    TO role_specification [, ...] [ WITH GRANT OPTION ] ##连接模式权限，授权test访问public模式权限grant usage on schema "public" to test; GRANT { CREATE | ALL [ PRIVILEGES ] }    ON TABLESPACE tablespace_name [, ...]    TO role_specification [, ...] [ WITH GRANT OPTION ] GRANT { USAGE | ALL [ PRIVILEGES ] }    ON TYPE type_name [, ...]    TO role_specification [, ...] [ WITH GRANT OPTION ] where role_specification can be:     [ GROUP ] role_name  | PUBLIC  | CURRENT_USER  | SESSION_USER GRANT role_name [, ...] TO role_name [, ...] [ WITH ADMIN OPTION ]

• 授权参数说明

权限说明：SELECT：允许从指定表，视图或序列的任何列或列出的特定列进行SELECT。也允许使用COPY TO。在UPDATE或DELETE中引用现有列值也需要此权限。对于序列，此权限还允许使用currval函数。对于大对象，此权限允许读取对象。INSERT：允许将新行INSERT到指定的表中。如果列出了特定列，则只能在INSERT命令中为这些列分配（因此其他列将接收默认值）。也允许COPY FROM。UPDATE：允许更新指定表的任何列或列出的特定列，需要SELECT权限。DELETE：允许删除指定表中的行，需要SELECT权限。TRUNCATE：允许在指定的表上创建触发器。REFERENCES：允许创建引用指定表或表的指定列的外键约束。TRIGGER：允许在指定的表上创建触发器。CREATE：对于数据库，允许在数据库中创建新的schema、table、index。CONNECT：允许用户连接到指定的数据库。在连接启动时检查此权限。TEMPORARY、TEMP：允许在使用指定数据库时创建临时表。EXECUTE：允许使用指定的函数或过程以及在函数。USAGE：对于schema，允许访问指定模式中包含的对象；对于sequence，允许使用currval和nextval函数。对于类型和域，允许在创建表，函数和其他模式对象时使用类型或域。ALL PRIVILEGES：一次授予所有可用权限。

• 权限撤销

 REVOKE [ GRANT OPTION FOR ]   { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }   [, ...] | ALL [ PRIVILEGES ] }   ON { [ TABLE ] table_name [, ...]        | ALL TABLES IN SCHEMA schema_name [, ...] }   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT ] ##移除用户test在schema public上所有表的select权限revoke select on all tables in schema "public" from test;  REVOKE [ GRANT OPTION FOR ]   { { SELECT | INSERT | UPDATE | REFERENCES } ( column_name [, ...] )   [, ...] | ALL [ PRIVILEGES ] ( column_name [, ...] ) }   ON [ TABLE ] table_name [, ...]   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT ] ##移除用户test在 public模式的t1表的id列的查询权限revoke select (id) on public.t1 from test;  REVOKE [ GRANT OPTION FOR ]   { { USAGE | SELECT | UPDATE }   [, ...] | ALL [ PRIVILEGES ] }   ON { SEQUENCE sequence_name [, ...]        | ALL SEQUENCES IN SCHEMA schema_name [, ...] }   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT ]##序列  REVOKE [ GRANT OPTION FOR ]   { { CREATE | CONNECT | TEMPORARY | TEMP } [, ...] | ALL [ PRIVILEGES ] }   ON DATABASE database_name [, ...]   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT ]##库  REVOKE [ GRANT OPTION FOR ]   { USAGE | ALL [ PRIVILEGES ] }   ON DOMAIN domain_name [, ...]   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT]##  REVOKE [ GRANT OPTION FOR ]   { USAGE | ALL [ PRIVILEGES ] }   ON FOREIGN DATA WRAPPER fdw_name [, ...]   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT]## REVOKE [ GRANT OPTION FOR ]   { USAGE | ALL [ PRIVILEGES ] }   ON FOREIGN SERVER server_name [, ...]   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT]##  REVOKE [ GRANT OPTION FOR ]   { EXECUTE | ALL [ PRIVILEGES ] }   ON { { FUNCTION | PROCEDURE | ROUTINE } function_name [ ( [ [ argmode ] [ arg_name ] arg_type [, ...] ] ) ] [, ...]        | ALL { FUNCTIONS | PROCEDURES | ROUTINES } IN SCHEMA schema_name [, ...] }   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT ]##REVOKE [ GRANT OPTION FOR ]   { USAGE | ALL [ PRIVILEGES ] }   ON LANGUAGE lang_name [, ...]   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT ]##  REVOKE [ GRANT OPTION FOR ]   { { SELECT | UPDATE } [, ...] | ALL [ PRIVILEGES ] }   ON LARGE OBJECT loid [, ...]   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT ]##  REVOKE [ GRANT OPTION FOR ]   { { CREATE | USAGE } [, ...] | ALL [ PRIVILEGES ] }   ON SCHEMA schema_name [, ...]   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT ]##schema权限  REVOKE [ GRANT OPTION FOR ]   { CREATE | ALL [ PRIVILEGES ] }   ON TABLESPACE tablespace_name [, ...]   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT ]##  REVOKE [ GRANT OPTION FOR ]   { USAGE | ALL [ PRIVILEGES ] }   ON TYPE type_name [, ...]   FROM { [ GROUP ] role_name | PUBLIC } [, ...]   [ CASCADE | RESTRICT ]##REVOKE [ ADMIN OPTION FOR ]   role_name [, ...] FROM role_name [, ...]   [ CASCADE | RESTRICT ]

• 如果用户需要创建表的权限对该角色进行全部授权之后，发现建表的时候报错说什么当前用户是一个readonly的会话可以进行下面操作进行修改

ALTER USER xx set default_transaction_read_only=NO --修改用户的会话不是只读

参考连接：https://blog.csdn.net/eagle89/article/details/112169903

来源地址：https://blog.csdn.net/weixin_44793245/article/details/127912167