PostgreSQL Chinese Operation Guide

Chapter 22. Database Roles


PostgreSQL manages database access permissions using the concept of roles. A role can be thought of as either a database user, or a group of database users, depending on how the role is set up. Roles can own database objects (for example, tables and functions) and can assign privileges on those objects to other roles to control who has access to which objects. Furthermore, it is possible to grant membership in a role to another role, thus allowing the member role to use privileges assigned to another role.

The concept of roles subsumes the concepts of “users” and “groups”. In PostgreSQL versions before 8.1, users and groups were distinct kinds of entities, but now there are only roles. Any role can act as a user, a group, or both.
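The following added example (not part of the original documentation) shows one role used as a group and two used as users, with a privilege granted to the group and reached through membership. The names `reporting`, `alice`, `bob` and `invoices` are hypothetical; it assumes a superuser session in a scratch database, and it goes slightly beyond the text by contrasting the `INHERIT` and `NOINHERIT` role attributes.

```sql
-- Added example: all role and table names are hypothetical.
-- Everything runs in one transaction and is rolled back at the end.
BEGIN;

-- A role acting as a "group": it cannot log in and only carries privileges.
CREATE ROLE reporting NOLOGIN;

-- Two roles acting as "users". alice uses group privileges automatically;
-- bob is a member too, but must switch to the group role explicitly.
CREATE ROLE alice LOGIN INHERIT;
CREATE ROLE bob   LOGIN NOINHERIT;

-- An object owned by the role running this script.
CREATE TABLE invoices (id int PRIMARY KEY, amount numeric NOT NULL);

-- Assign the privilege to the group, never to individual users.
GRANT SELECT ON invoices TO reporting;

-- Grant membership in the group role to the user roles.
GRANT reporting TO alice, bob;

-- Audit 1: who is a member of what, and who granted it.
SELECT g.rolname AS group_role,
       m.rolname AS member_role,
       a.rolname AS granted_by
FROM pg_auth_members am
JOIN pg_roles g ON g.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
JOIN pg_roles a ON a.oid = am.grantor
WHERE g.rolname = 'reporting'
ORDER BY member_role;

-- Audit 2: membership versus privileges that are usable right now.
-- 'MEMBER' asks "could this role SET ROLE to the group?",
-- 'USAGE' asks "does it hold the group's privileges without SET ROLE?".
SELECT r.rolname,
       r.rolcanlogin,
       pg_has_role(r.rolname, 'reporting', 'MEMBER')        AS is_member,
       pg_has_role(r.rolname, 'reporting', 'USAGE')         AS inherits_now,
       has_table_privilege(r.rolname, 'invoices', 'SELECT') AS can_select_now
FROM pg_roles r
WHERE r.rolname IN ('alice', 'bob', 'reporting')
ORDER BY r.rolname;

-- Discard the scratch roles and table.
ROLLBACK;
```

Both users report membership, but only `alice` holds the `SELECT` privilege immediately; `bob` has to run `SET ROLE reporting` first, which keeps the elevated access an explicit step.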

This chapter describes how to create and manage roles. More information about the effects of role privileges on various database objects can be found in Section 5.7.