亚洲乱码中文字幕综合,中国熟女仑乱hd,亚洲精品乱拍国产一区二区三区,一本大道卡一卡二卡三乱码全集资源,又粗又黄又硬又爽的免费视频

postgresql影子用戶實(shí)踐場(chǎng)景分析

 更新時(shí)間:2021年03月06日 11:03:53   作者:瀚高PG實(shí)驗(yàn)室  
這篇文章主要介紹了postgresql影子用戶實(shí)踐場(chǎng)景分析,本文給大家介紹的非常詳細(xì),對(duì)大家的學(xué)習(xí)或工作具有一定的參考借鑒價(jià)值,需要的朋友可以參考下

在實(shí)際的生產(chǎn)環(huán)境 ,我們經(jīng)常會(huì)碰到這樣的情況:因?yàn)闃I(yè)務(wù)場(chǎng)景需要,本部門某些重要的業(yè)務(wù)數(shù)據(jù)表需要給予其他部門查看權(quán)限,因業(yè)務(wù)的擴(kuò)展及調(diào)整,后期可能需要放開更多的表查詢權(quán)限。為解決此種業(yè)務(wù)需求,我們可以采用創(chuàng)建視圖的方式來解決,已可以通過創(chuàng)建影子用戶的方式來滿足需求,本文主要介紹影子用戶的創(chuàng)建及授權(quán)方法。

場(chǎng)景1:只授予usage on schema 權(quán)限

session 1:
--創(chuàng)建readonly用戶,并將test模式賦予readonly用戶。

postgres=# create user readonly with password 'postgres';
CREATE ROLE
postgres=# grant usage on schema test to readonly;
​GRANT
postgres=# \dn
List of schemas
 Name | Owner 
-------+-------
 test | postgres

session 2:

--登陸readonly用戶可以查詢test模式下現(xiàn)存的所有表。

postgres=# \c postgres readonly 
You are now connected to database "postgres" as user "readonly".
postgres=> select * from test.emp ;
 empno | ename |  job  | mgr | hiredate |  sal  | comm  | deptno 
-------+--------+-----------+------+------------+---------+---------+--------
 7499 | ALLEN | SALESMAN | 7698 | 1981-02-20 | 1600.00 | 300.00 |   30
 7521 | WARD  | SALESMAN | 7698 | 1981-02-22 | 1250.00 | 500.00 |   30
 7566 | JONES | MANAGER  | 7839 | 1981-04-02 | 2975.00 |     |   20
 7654 | MARTIN | SALESMAN | 7698 | 1981-09-28 | 1250.00 | 1400.00 |   30
 7698 | BLAKE | MANAGER  | 7839 | 1981-05-01 | 2850.00 |     |   30
 7782 | CLARK | MANAGER  | 7839 | 1981-06-09 | 2450.00 |     |   10
 7839 | KING  | PRESIDENT |   | 1981-11-17 | 5000.00 |     |   10
 7844 | TURNER | SALESMAN | 7698 | 1981-09-08 | 1500.00 |  0.00 |   30
 7900 | JAMES | CLERK   | 7698 | 1981-12-03 | 950.00 |     |   30
 7902 | FORD  | ANALYST  | 7566 | 1981-12-03 | 3000.00 |     |   20
 7934 | MILLER | CLERK   | 7782 | 1982-01-23 | 1300.00 |     |   10
 7788 | test  | ANALYST  | 7566 | 1982-12-09 | 3000.00 |     |   20
 7876 | ADAMS | CLERK   | 7788 | 1983-01-12 | 1100.00 |     |   20
 1111 | SMITH | CLERK   | 7902 | 1980-12-17 | 800.00 |     |   20
(14 rows)

換到session 1創(chuàng)建新表t1

postgres=# create table test.t1 as select * from test.emp;
​CREATE TABLE

切換到session 2 readonly用戶下,t1表無法查詢

postgres=> select * from test.t1 ;
2021-03-02 15:25:33.290 CST [21059] ERROR: permission denied for table t1
2021-03-02 15:25:33.290 CST [21059] STATEMENT: select * from test.t1 ;
**ERROR: permission denied for table t1

結(jié)論:如果只授予 usage on schema 權(quán)限,readonly 只能查看 test 模式下已經(jīng)存在的表和對(duì)象。在授予 usage on schema 權(quán)限之后創(chuàng)建的新表無法查看。

場(chǎng)景2:授予usage on schema 權(quán)限之后,再賦予 select on all tables in schema 權(quán)限

針對(duì)上個(gè)場(chǎng)景session 2 **ERROR: permission denied for table t1 錯(cuò)誤的處理

postgres=> select * from test.t1 ;
**ERROR: permission denied for table t1

session 1: 使用postgres用戶授予readonly用戶 select on all tables 權(quán)限

postgres=# grant select on all tables in schema test TO readonly ;

session 2: readonly用戶查詢 t1 表

postgres=> select * from test.t1;
 empno | ename |  job  | mgr | hiredate |  sal  | comm  | deptno 
-------+--------+-----------+------+------------+---------+---------+--------
 7499 | ALLEN | SALESMAN | 7698 | 1981-02-20 | 1600.00 | 300.00 |   30
 7521 | WARD  | SALESMAN | 7698 | 1981-02-22 | 1250.00 | 500.00 |   30
 7566 | JONES | MANAGER  | 7839 | 1981-04-02 | 2975.00 |     |   20
 7654 | MARTIN | SALESMAN | 7698 | 1981-09-28 | 1250.00 | 1400.00 |   30
 7698 | BLAKE | MANAGER  | 7839 | 1981-05-01 | 2850.00 |     |   30
 7782 | CLARK | MANAGER  | 7839 | 1981-06-09 | 2450.00 |     |   10
 7839 | KING  | PRESIDENT |   | 1981-11-17 | 5000.00 |     |   10
 7844 | TURNER | SALESMAN | 7698 | 1981-09-08 | 1500.00 |  0.00 |   30
 7900 | JAMES | CLERK   | 7698 | 1981-12-03 | 950.00 |     |   30
 7902 | FORD  | ANALYST  | 7566 | 1981-12-03 | 3000.00 |     |   20
 7934 | MILLER | CLERK   | 7782 | 1982-01-23 | 1300.00 |     |   10
 7788 | test  | ANALYST  | 7566 | 1982-12-09 | 3000.00 |     |   20
 7876 | ADAMS | CLERK   | 7788 | 1983-01-12 | 1100.00 |     |   20
 1111 | SMITH | CLERK   | 7902 | 1980-12-17 | 800.00 |     |   20
(14 rows)

session1 :postgres用戶的test模式下創(chuàng)建新表 t2

postgres=# create table test.t2 as select * from test.emp;
SELECT 14

session 2:readonly用戶查詢 t2 表權(quán)限不足

postgres=> select * from test.t2 ;
ERROR: permission denied for table t2

session 1:再次賦予 grant select on all tables

postgres=# grant select on all tables in schema test TO readonly ;

session 2:readonly用戶又可以查看 T2 表

postgres=> select * from test.t2 ;
 empno | ename |  job  | mgr | hiredate |  sal  | comm  | deptno 
-------+--------+-----------+------+------------+---------+---------+--------
 7499 | ALLEN | SALESMAN | 7698 | 1981-02-20 | 1600.00 | 300.00 |   30
 7521 | WARD  | SALESMAN | 7698 | 1981-02-22 | 1250.00 | 500.00 |   30
 7566 | JONES | MANAGER  | 7839 | 1981-04-02 | 2975.00 |     |   20
 7654 | MARTIN | SALESMAN | 7698 | 1981-09-28 | 1250.00 | 1400.00 |   30
 7698 | BLAKE | MANAGER  | 7839 | 1981-05-01 | 2850.00 |     |   30
 7782 | CLARK | MANAGER  | 7839 | 1981-06-09 | 2450.00 |     |   10
 7839 | KING  | PRESIDENT |   | 1981-11-17 | 5000.00 |     |   10
 7844 | TURNER | SALESMAN | 7698 | 1981-09-08 | 1500.00 |  0.00 |   30
 7900 | JAMES | CLERK   | 7698 | 1981-12-03 | 950.00 |     |   30
 7902 | FORD  | ANALYST  | 7566 | 1981-12-03 | 3000.00 |     |   20
 7934 | MILLER | CLERK   | 7782 | 1982-01-23 | 1300.00 |     |   10
 7788 | test  | ANALYST  | 7566 | 1982-12-09 | 3000.00 |     |   20
 7876 | ADAMS | CLERK   | 7788 | 1983-01-12 | 1100.00 |     |   20
 1111 | SMITH | CLERK   | 7902 | 1980-12-17 | 800.00 |     |   20
(14 rows)

影子用戶創(chuàng)建

如果想讓readonly只讀用戶不在每次 postgres用戶在test模式中創(chuàng)建新表后都要手工賦予 grant select on all tables in schema test TO readonly 權(quán)限。則需要授予對(duì)test默認(rèn)的訪問權(quán)限,對(duì)于test模式新創(chuàng)建的也生效。

session 1:未來訪問test模式下所有新建的表賦權(quán),創(chuàng)建 t5 表。

postgres=# alter default privileges in schema test grant select on tables to readonly ;
ALTER DEFAULT PRIVILEGES
postgres=# create table test.t5 as select * from test.emp;
CREATE TABLE

session 2:查詢r(jià)eadonly用戶

postgres=> select * from test.t5;
 empno | ename |  job  | mgr | hiredate |  sal  | comm  | deptno 
-------+--------+-----------+------+------------+---------+---------+--------
 7499 | ALLEN | SALESMAN | 7698 | 1981-02-20 | 1600.00 | 300.00 |   30
 7521 | WARD  | SALESMAN | 7698 | 1981-02-22 | 1250.00 | 500.00 |   30
 7566 | JONES | MANAGER  | 7839 | 1981-04-02 | 2975.00 |     |   20
 7654 | MARTIN | SALESMAN | 7698 | 1981-09-28 | 1250.00 | 1400.00 |   30
 7698 | BLAKE | MANAGER  | 7839 | 1981-05-01 | 2850.00 |     |   30
 7782 | CLARK | MANAGER  | 7839 | 1981-06-09 | 2450.00 |     |   10
 7839 | KING  | PRESIDENT |   | 1981-11-17 | 5000.00 |     |   10
 7844 | TURNER | SALESMAN | 7698 | 1981-09-08 | 1500.00 |  0.00 |   30
 7900 | JAMES | CLERK   | 7698 | 1981-12-03 | 950.00 |     |   30
 7902 | FORD  | ANALYST  | 7566 | 1981-12-03 | 3000.00 |     |   20
 7934 | MILLER | CLERK   | 7782 | 1982-01-23 | 1300.00 |     |   10
 7788 | test  | ANALYST  | 7566 | 1982-12-09 | 3000.00 |     |   20
 7876 | ADAMS | CLERK   | 7788 | 1983-01-12 | 1100.00 |     |   20
 1111 | SMITH | CLERK   | 7902 | 1980-12-17 | 800.00 |     |   20
(14 rows)

總結(jié):影子用戶創(chuàng)建的步驟

--創(chuàng)建影子用戶
create user readonly with password 'postgres';
--將schema中usage權(quán)限賦予給readonly用戶,訪問所有已存在的表
grant usage on schema test to readonly;
grant select on all tables in schema test to readonly;
--未來訪問test模式下所有新建的表
alter default privileges in schema test grant select on tables to readonly ;

到此這篇關(guān)于postgresql影子用戶實(shí)踐的文章就介紹到這了,更多相關(guān)postgresql影子用戶內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家!

相關(guān)文章

最新評(píng)論