Case: 一个read-only 角色对某个schema下的新建的表,无需单独授权,直接拥有只读权限
首先,你要知道Postgresql默认schema下新建的表,对于一个普通用户不会有select的权限的,所以我需要修改Postgresql默认的权限,把select提前赋予普通用户,需要使用到alter default privileges这个命令
Session1 (user:postgres):
#psql
create role role1 password '123456' login;
create schema schema1;
grant usage on schema schema1 to role1;
testdb=# \dn+ schema1;
List of schemas
Name|Owner|Access privileges| Description
---------+----------+----------------------+-------------
schema1 | postgres | postgres=UC/postgres+|
|| role1=U/postgres|
alter default privileges in schema schema1 grant select on tables to role1;
testdb=# \ddp+
Default access privileges
Owner| Schema| Type| Access privileges
----------+---------+-------+-------------------
postgres | schema1 | table | role1=r/postgres
create table schema1.t1(c1 int,c2 varchar(10));
insert into schema1.t1 values(1,'aaa');
testdb=# \dp+
Access privileges
Schema| Name | Type|Access privileges| Column privileges | Policies
---------+------+-------+---------------------------+-------------------+----------
schema1 | t1| table | postgres=arwdDxt/postgres+||
||| role1=r/postgres||
Session2 read_only:
#psql -h 172.16.101.54 -p 5432 testdb role1
testdb=> select * from schema1.t1;
c1 | c2
----+-----
1 | aaa
(1 row)