Case: 一个read-only 角色对某个schema下的新建的表,无需单独授权，直接拥有只读权限

首先，你要知道Postgresql默认schema下新建的表，对于一个普通用户不会有select的权限的，所以我需要修改Postgresql默认的权限，把select提前赋予普通用户，需要使用到alter default privileges这个命令

Session1 (user:postgres):

#psql

create role role1 password '123456' login;

create schema schema1;

grant usage on schema schema1 to role1;

testdb=# \dn+ schema1;

List of schemas

Name|Owner|Access privileges| Description

---------+----------+----------------------+-------------

schema1 | postgres | postgres=UC/postgres+|

|| role1=U/postgres|

alter default privileges in schema schema1 grant select on tables to role1;

testdb=# \ddp+

Default access privileges

Owner| Schema| Type| Access privileges

----------+---------+-------+-------------------

postgres | schema1 | table | role1=r/postgres

create table schema1.t1(c1 int,c2 varchar(10));

insert into schema1.t1 values(1,'aaa');

testdb=# \dp+

Access privileges

Schema| Name | Type|Access privileges| Column privileges | Policies

---------+------+-------+---------------------------+-------------------+----------

schema1 | t1| table | postgres=arwdDxt/postgres+||

||| role1=r/postgres||

Session2 read_only:

#psql -h 172.16.101.54 -p 5432 testdb role1

testdb=> select * from schema1.t1;

c1 | c2

----+-----

1 | aaa

(1 row)