14

我不知道如何将每一项权利授予特定用户,我希望用户拥有架构上的每一项权利:

  • 在现有表上插入、删除、更新、选择……

我试过做:

    GRANT ALL PRIVILEGES ON SCHEMA schema to "user";
    GRANT ALL ON SCHEMA schema to "local_518561";
    GRANT ALL PRIVILEGES ON table schema.table to "user";
    GRANT ALL ON table schema.table to "user";

查询返回成功,但每次我使用其他用户时,我都会收到权限不足错误。

4

3 回答 3

22 
GRANT ALL PRIVILEGES ON                  SCHEMA schema_name TO role_name;
GRANT ALL PRIVILEGES ON ALL TABLES    IN SCHEMA schema_name TO role_name;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA schema_name TO role_name;
于 2013-01-25T01:00:40.490 回答
4

如果您使用的是 PostgreSQL < 9 的版本,您可以使用以下存储过程来管理表和序列的权限:

CREATE OR REPLACE FUNCTION grantTablesOfSchema (user VARCHAR,
   permissions VARCHAR, schema VARCHAR) RETURNS VARCHAR AS
$body$
DECLARE
  regActual   RECORD;
  numTables   INTEGER;
BEGIN

   numTables := 0;

   FOR regActual IN
      SELECT tablename FROM pg_tables WHERE schemaname = schema
   LOOP
      numTables := numTables + 1;

      EXECUTE 'GRANT ' || permissions || ' ON ' || schema || '.' || regActual.tablename || ' TO ' || user;
   END LOOP;

   RETURN 'Tables: ' || numTables::VARCHAR;
END;
$body$
LANGUAGE 'plpgsql';


CREATE OR REPLACE FUNCTION grantSequencesOfSchema (user VARCHAR,
   permissions VARCHAR, database VARCHAR, schema VARCHAR) RETURNS VARCHAR AS
$body$
DECLARE
   regActual       RECORD;
   numSequences    INTEGER;
BEGIN

   numSequences := 0;

   FOR regActual IN
      SELECT sequence_catalog, sequence_schema, sequence_name 
      FROM information_schema.sequences 
      WHERE sequence_catalog = database AND sequence_schema = schema
   LOOP
      numSequences := numSequences + 1;

      EXECUTE 'GRANT ' || permissions || ' ON ' || schema || '.' || regActual.sequence_name || ' TO ' || user;
   END LOOP;

   RETURN 'Sequences: ' || numSequences::VARCHAR;
END;
$body$
LANGUAGE 'plpgsql';

以及一个使用示例:

CREATE USER user1 WITH PASSWORD 'user1@user1?user1';
GRANT CONNECT ON DATABASE database1 TO user1;
GRANT USAGE ON SCHEMA schema1 TO user1;

SELECT * FROM grantTablesOfSchema ('user1', 'SELECT, UPDATE, INSERT, DELETE', 'schema1');

SELECT * FROM grantSequencesOfSchema ('user1', 'ALL', 'database1', 'schema1');

相反,如果您的 PostgreSQL 版本 >= 9:

GRANT ALL ON ALL SEQUENCES IN SCHEMA schema1 TO user1;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA schema1 TO user1;
于 2011-07-28T08:41:06.497 回答
3

答案在于序列,如果您不授予表和序列(如果有)的权限,则您无法插入。

于 2011-07-23T10:24:04.857 回答