Exploring PostgreSQL schema-based access permissions

01. Environment setup

   Create the users and the schemas

postgres=# create user test1 with password 'test1';
CREATE ROLE
postgres=# create user test2 with password 'test2';
CREATE ROLE
postgres=# create schema u1;
CREATE SCHEMA
postgres=# create schema u2;
CREATE SCHEMA
postgres=# insert into u1.txt1 values (1,'hello')
;
INSERT 0 1
postgres=# insert into u1.txt2 values (2,'world')
;
INSERT 0 1
postgres=# insert into u2.txt1 values (1,'hello')
;
INSERT 0 1
postgres=# insert into u2.txt2 values (2,'world')
;
INSERT 0 1



Environment created.

02. Access permissions

postgres=# select current_user  -- check the current user
postgres-# ; 
 current_user
--------------
 postgres
(1 row)

postgres=# show search_path -- the current search path is "$user", public
postgres-# ;
   search_path
-----------------
 "$user", public
(1 row)

postgres=# \dt              -- list tables: the tables just created are not shown
        List of relations
 Schema | Name | Type  |  Owner
--------+------+-------+----------
 public | test | table | postgres
postgres=# \c postgres test1 ;    -- connect as user test1
You are now connected to database "postgres" as user "test1".
postgres=> select current_user;   -- check the current user
 current_user
--------------
 test1
(1 row)

postgres=> \dt;                 -- only the tables in public are visible
        List of relations
 Schema | Name | Type  |  Owner
--------+------+-------+----------
 public | test | table | postgres
(1 row)

postgres=> show search_path ;  -- check the current search_path
   search_path
-----------------
 "$user", public
(1 row)
postgres=> set search_path = 'u1';   -- switch to u1
SET
postgres=> show search_path ;   -- check
 search_path
-------------
 u1
(1 row)

postgres=> \dt;        -- still no tables shown; didn't I specify the schema when creating them?
Did not find any relations.
postgres=> select * from u1.test1; -- query the table directly: permission denied
ERROR:  permission denied for schema u1
LINE 1: select * from u1.test1;

Let's look at it as the postgres user.

postgres=> \c postgres postgres
You are now connected to database "postgres" as user "postgres".
postgres=# show search_path
postgres-# ;
   search_path
-----------------
 "$user", public
(1 row)

postgres=# \d+
                   List of relations
 Schema | Name | Type  |  Owner   | Size  | Description
--------+------+-------+----------+-------+-------------
 public | test | table | postgres | 16 kB |
(1 row)

postgres=# set search_path = u1;
SET
postgres=# \d+
                      List of relations
 Schema | Name | Type  |  Owner   |    Size    | Description
--------+------+-------+----------+------------+-------------
 u1     | txt1 | table | postgres | 8192 bytes |
 u1     | txt2 | table | postgres | 8192 bytes |

As postgres everything shows up fine. So is test1 lacking a privilege?

Let me grant one:

postgres=# grant SELECT on u1.txt1 to test1 ;
GRANT
postgres=# \c postgres test1;
You are now connected to database "postgres" as user "test1".
postgres=> \d+
                   List of relations
 Schema | Name | Type  |  Owner   | Size  | Description
--------+------+-------+----------+-------+-------------
 public | test | table | postgres | 16 kB |
(1 row)

postgres=> set search_path = u1;
SET
postgres=> \d+
Did not find any relations.
postgres=> select * from u1.txt1 ;
ERROR:  permission denied for schema u1
LINE 1: select * from u1.txt1 ;
                      ^

Still permission denied.

What is actually missing at this point is one more privilege:

postgres=# grant USAGE on SCHEMA u1 to test1 ;
GRANT
postgres=# \c postgres test1 ;
You are now connected to database "postgres" as user "test1".
postgres=> \dt ;
        List of relations
 Schema | Name | Type  |  Owner
--------+------+-------+----------
 public | test | table | postgres
(1 row)

postgres=> set search_path = u1 ;
SET
postgres=> \dt ;
        List of relations
 Schema | Name | Type  |  Owner
--------+------+-------+----------
 u1     | txt1 | table | postgres
 u1     | txt2 | table | postgres

postgres=> select * from txt1
postgres-> ;
 id | name
----+-------
  1 | hello
  1 | hello
(2 rows)

With that in place, it works.

    So when working with schemas, keep in mind:

       1. postgres must grant the USAGE privilege on the specific schema to the particular user.

       2. Then postgres must grant the privileges that user needs on the objects (e.g. SELECT on the tables).

  Neither step alone is enough; both are required.
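As an added example (not part of the original post), here is a grant script for the same setup that applies both steps, covers tables created in u1 later, and verifies the result without reconnecting as test1. It assumes role test1 and schema u1 with tables txt1 and txt2 already exist, and is run as postgres.

```sql
-- Added example (not from the original post): least-privilege grants for
-- the test1 / u1 setup above, plus checks a DBA can run to verify them.
-- Assumes role test1 and schema u1 with tables txt1, txt2 already exist.
-- Run as the schema owner or a superuser (postgres).

-- 1. Schema level: without USAGE the role cannot even resolve u1.txt1,
--    which is the "permission denied for schema u1" error seen above.
GRANT USAGE ON SCHEMA u1 TO test1;

-- 2. Object level: SELECT on the tables the role actually needs.
--    Naming the tables is the tightest option; ALL TABLES IN SCHEMA is the
--    convenient one when the whole schema is read-only for this role.
GRANT SELECT ON u1.txt1, u1.txt2 TO test1;
-- GRANT SELECT ON ALL TABLES IN SCHEMA u1 TO test1;   -- alternative

-- 3. Tables that postgres creates in u1 later get no grants automatically;
--    default privileges close that gap so the role does not silently lose
--    access (omit this line if new tables should stay hidden by default).
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA u1
    GRANT SELECT ON TABLES TO test1;

-- 4. Verify both halves of the requirement. Each column is true once the
--    grants above are in place; schema_usage alone is what was missing
--    in the first attempt in the post.
SELECT has_schema_privilege('test1', 'u1', 'USAGE')       AS schema_usage,
       has_table_privilege('test1', 'u1.txt1', 'SELECT')  AS txt1_select,
       has_table_privilege('test1', 'u1.txt2', 'SELECT')  AS txt2_select;

-- 5. Audit: list every table privilege test1 holds in u1.
SELECT table_schema, table_name, privilege_type
FROM   information_schema.role_table_grants
WHERE  grantee = 'test1' AND table_schema = 'u1'
ORDER  BY table_name, privilege_type;

-- 6. Optional: make u1 the default schema for test1 persistently instead
--    of running SET search_path in every session.
ALTER ROLE test1 SET search_path = u1, public;

-- Revoking is the mirror image: revoking USAGE on the schema alone blocks
-- access to all of its objects even if the table grants remain.
-- REVOKE USAGE ON SCHEMA u1 FROM test1;
```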

Reposted from www.cnblogs.com/kingle-study/p/12753349.html