Postgresql 简明教程

PostgreSQL - PRIVILEGES

每当在数据库中创建对象时,都会指定一个所有者。所有者通常是执行创建语句的人员。对于大部分类型对象,初始状态是只有所有者(หรือ超级用户)可以修改或删除对象。若要允许其他角色或用户使用它,则必须授予权限或用户权限。

Whenever an object is created in a database, an owner is assigned to it. The owner is usually the one who executed the creation statement. For most kinds of objects, the initial state is that only the owner (or a superuser) can modify or delete the object. To allow other roles or users to use it, privileges or permission must be granted.

PostgreSQL 中不同类型的权限:

Different kinds of privileges in PostgreSQL are −

  1. SELECT,

  2. INSERT,

  3. UPDATE,

  4. DELETE,

  5. TRUNCATE,

  6. REFERENCES,

  7. TRIGGER,

  8. CREATE,

  9. CONNECT,

  10. TEMPORARY,

  11. EXECUTE, and

  12. USAGE

权限根据对象类型(表、函数等等)应用至对象。授予用户权限时,使用 GRANT 命令。

Depending on the type of the object (table, function, etc.,), privileges are applied to the object. To assign privileges to the users, the GRANT command is used.

Syntax for GRANT

GRANT 命令的基本语法如下:

Basic syntax for GRANT command is as follows −

GRANT privilege [, ...]
ON object [, ...]
TO { PUBLIC | GROUP group | username }

  1. privilege − values could be: SELECT, INSERT, UPDATE, DELETE, RULE, ALL.

  2. object − The name of an object to which to grant access. The possible objects are: table, view, sequence

  3. PUBLIC − A short form representing all users.

  4. GROUP group − A group to whom to grant privileges.

  5. username − The name of a user to whom to grant privileges. PUBLIC is a short form representing all users.

可以使用 REVOKE 命令撤销权限。

The privileges can be revoked using the REVOKE command.

Syntax for REVOKE

REVOKE 命令的基本语法如下:

Basic syntax for REVOKE command is as follows −

REVOKE privilege [, ...]
ON object [, ...]
FROM { PUBLIC | GROUP groupname | username }

  1. privilege − values could be: SELECT, INSERT, UPDATE, DELETE, RULE, ALL.

  2. object − The name of an object to which to grant access. The possible objects are: table, view, sequence

  3. PUBLIC − A short form representing all users.

  4. GROUP group − A group to whom to grant privileges.

  5. username − The name of a user to whom to grant privileges. PUBLIC is a short form representing all users.

Example

为了理解这些权限,我们首先创建一个 USER 如下 −

To understand the privileges, let us first create a USER as follows −

testdb=# CREATE USER manisha WITH PASSWORD 'password';
CREATE ROLE

消息 CREATE ROLE 指示创建 USER“manisha”。

The message CREATE ROLE indicates that the USER "manisha" is created.

考虑 COMPANY 表具有以下记录:

Consider the table COMPANY having records as follows −

testdb# select * from COMPANY;
 id | name  | age | address   | salary
----+-------+-----+-----------+--------
  1 | Paul  |  32 | California|  20000
  2 | Allen |  25 | Texas     |  15000
  3 | Teddy |  23 | Norway    |  20000
  4 | Mark  |  25 | Rich-Mond |  65000
  5 | David |  27 | Texas     |  85000
  6 | Kim   |  22 | South-Hall|  45000
  7 | James |  24 | Houston   |  10000
(7 rows)

接下来,让我们向用户“manisha”授予表 COMPANY 的所有权限,如下所示 −

Next, let us grant all privileges on a table COMPANY to the user "manisha" as follows −

testdb=# GRANT ALL ON COMPANY TO manisha;
GRANT

消息 GRANT 指示已向 USER 分配所有权限。

The message GRANT indicates that all privileges are assigned to the USER.

接下来,让我们注销 USER“manisha”的权限,如下所示 −

Next, let us revoke the privileges from the USER "manisha" as follows −

testdb=# REVOKE ALL ON COMPANY FROM manisha;
REVOKE

消息 REVOKE 指示已从 USER 中撤销所有权限。

The message REVOKE indicates that all privileges are revoked from the USER.

您甚至可以删除用户,如下所示 −

You can even delete the user as follows −

testdb=# DROP USER manisha;
DROP ROLE

消息 DROP ROLE 指示已从数据库中删除 USER “Manisha”。

The message DROP ROLE indicates USER ‘Manisha’ is deleted from the database.