1

mygs_user在三个数据库 中有一个共同的用户mydatamodelmygs,和Newdatabase(更改名称以保护无辜者)。

我“继承”了前两个数据库,并创建了第三个Newdatabase

问题是虽然两个原始数据库没有明确的权限,但普通用户 ,mygs_user可以正常访问它们。第三个 ( Newdatabase) 不允许访问,除非我将普通用户修改为超级用户,这显然不是最佳实践。

当然,我已经尝试将我的 NewDB 的安全设置设置为没有骰子的原始设置。

这是两个原始数据库:

mydatamodel

CREATE DATABASE mydatamodel
  WITH OWNER = postgres
       ENCODING = 'UTF8'
       TABLESPACE = datamodel_tablespace
       LC_COLLATE = 'English, United States'
       LC_CTYPE = 'English, United States'
       CONNECTION LIMIT = -1;

mygs

CREATE DATABASE mygs
  WITH OWNER = postgres
       ENCODING = 'UTF8'
       TABLESPACE = mygs_tablespace
       LC_COLLATE = 'English, United States'
       LC_CTYPE = 'English, United States'
       CONNECTION LIMIT = -1;

...这是新的数据库:

CREATE DATABASE "NewDatabase"
  WITH OWNER = postgres
       ENCODING = 'UTF8'
       TABLESPACE = pg_default
       LC_COLLATE = 'English, United States'
       LC_CTYPE = 'English, United States'
       CONNECTION LIMIT = -1;
GRANT CONNECT, TEMPORARY ON DATABASE "NewDatabase" TO public;
GRANT ALL ON DATABASE "NewDatabase" TO postgres;
GRANT ALL ON DATABASE "NewDatabase" TO mygs_user;

两个原始占用单独的表空间,而新的不占用:

CREATE TABLESPACE mygs_tablespace
  OWNER postgres
  LOCATION 'c:/MYGS_Database/PostgreSQL';



CREATE TABLESPACE datamodel_tablespace
  OWNER postgres
  LOCATION 'c:/MYGS_Database/MyDataModel';

这是普通用户:

CREATE ROLE mygs_user LOGIN
  SUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE;
GRANT "MYGS" TO mygs_user;

...以及共同的角色:

CREATE ROLE "MYGS"
  NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;

以下是 pg_hba.conf 文件内容:

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
# IPv4 local connections:
host    all         all         127.0.0.1/32            md5

如何在不授予超级用户权限的情况下授予对第三个数据库的普通用户的访问权限?

4

2 回答 2

2

I think you forgot to allow connecting to this database in pg_hba.conf configuration file.

You should probably add there something like:

# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   Newdatabase     MYGS                                    md5
于 2012-05-31T21:49:55.863 回答
0

经过进一步检查,权限被设置为在对象级别授权“MYGS”角色,而在数据库级别没有明确的权限。对于每个对象类型,以下代码解决了该问题:

表:

ALTER TABLE tableNameHere OWNER TO postgres;
GRANT ALL ON TABLE dtm_tableNameHereTO postgres;
GRANT SELECT, UPDATE, INSERT, DELETE ON TABLE tableNameHere TO "MYGS";

...功能:

ALTER FUNCTION functionNameHere(..) OWNER TO postgres;
GRANT EXECUTE ON FUNCTION functionNameHere(..) TO postgres;
GRANT EXECUTE ON FUNCTION functionNameHere(..) TO "MYGS";

...和序列:

ALTER TABLE sequenceNameHere OWNER TO postgres;
GRANT ALL ON TABLE sequenceNameHere TO postgres;
GRANT SELECT, UPDATE ON TABLE sequenceNameHere TO "MYGS";

虽然,解决方案工作不需要 postgres 用户。

于 2012-06-01T15:00:37.867 回答