First, I put together a privilege table, as follows:
lihao=# \dp+
Access privileges
Schema | Name | Type | Access privileges | Column access privileges
----------+-----------------+--------+---------------------+--------------------------
public | t1 | table | lihao=arwdDxt/lihao |
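public | t2 | table | lihao=arwdDxt/lihao |
In this privilege table, I think two entries are rather special: LOGIN and SUPERUSER.
Obviously, this is the login privilege, but it is actually the No. 1 privilege: without it, even a superuser cannot log in to the database, as the following experiment shows: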
lihao=# create role user1 nologin superuser password '123456';
CREATE ROLE
lihao=# \du+
List of roles
Role name | Attributes | Member of | Description
---------+-----------------------------------------+--------+-------------
lihao | Superuser, Create role, Create DB, Replication | {} |
user1 | Superuser, Cannot login, Replication | {} |
lihao=# \c lihao user1;
FATAL: role "user1" is not permitted to log in
Previous connection kept
lihao=# alter role user1 login;
ALTER ROLE
lihao=# \c lihao user1;
You are now connected to database "lihao" as user "user1".
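lihao=#
Corresponding to the LOGIN privilege there is another login-related privilege: the CONNECT privilege on a database. As mentioned in the earlier post "postgresql角色(一)" (PostgreSQL Roles, Part 1), roles created with default settings get the CONNECT privilege on all databases through the public role. Let's run an experiment to see:
lihao=# create user user1 nologin password '123456';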
CREATE ROLE
lihao=# create user user2 password '123456';
CREATE ROLE
lihao=# revoke connect on database db1 from public;
REVOKE
lihao=# \c db1 user1
FATAL: role "user1" is not permitted to log in
Previous connection kept
lihao=# \c db1 user2
FATAL: permission denied for database "db1"
DETAIL: User does not have CONNECT privilege.
Previous connection kept
lihao=#
Combining this experiment with the previous one, we can see that a user can access a database only when it has both the LOGIN and the CONNECT privilege.
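The LOGIN-plus-CONNECT rule can be checked for every role and database in one pass. The query below is an added example, not part of the original post; it relies on the pg_roles and pg_database catalogs and the built-in has_database_privilege() function, and the outcome labels are wording chosen here to mirror the two FATAL messages in the experiments.

```sql
-- Added example (not from the original post): for every role/database pair,
-- report whether both conditions for access hold: LOGIN on the role and
-- CONNECT on the database.
SELECT r.rolname,
       d.datname,
       r.rolsuper                                      AS is_superuser,
       r.rolcanlogin                                   AS has_login,
       -- always true for superusers, who bypass privilege checks
       has_database_privilege(r.oid, d.oid, 'CONNECT') AS has_connect,
       -- true while CONNECT is still granted to PUBLIC on this database
       has_database_privilege('public'::name, d.oid, 'CONNECT')
                                                       AS public_has_connect,
       CASE
           -- LOGIN is tested first, matching the error user1 received
           WHEN NOT r.rolcanlogin
               THEN 'blocked: role is not permitted to log in'
           WHEN NOT has_database_privilege(r.oid, d.oid, 'CONNECT')
               THEN 'blocked: no CONNECT privilege on database'
           ELSE 'can connect'
       END                                             AS outcome
FROM pg_roles r
CROSS JOIN pg_database d
WHERE r.rolname !~ '^pg_'   -- skip the built-in predefined roles
  AND d.datallowconn         -- skip databases that accept no connections
ORDER BY d.datname, r.rolname;
```

For a NOLOGIN superuser such as user1 in the first experiment, has_connect is true but outcome still reports the role as blocked.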
Of the privileges listed under "system privileges" in the table, all except LOGIN can be ignored as far as a SUPERUSER is concerned.
lihao=# create role role1 superuser nocreatedb nocreaterole login password 'oracle';
CREATE ROLE
lihao=# \c lihao role1
You are now connected to database "lihao" as user "role1".
lihao=# create database db1 owner "lihao";
CREATE DATABASE
lihao=# create role role2 ;
CREATE ROLE