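Author: 瀚高PG实验室 (Highgo PG Lab) - 海无涯
The previous post said that database user privileges fall into two broad categories. While testing afterwards, I found an issue: there is a very strong "boundary" between these two categories of privileges.
For example: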
highgo=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
highgo | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
test | | {}
trole | Create role | {}
highgo=# \c highgo test;
PSQL: Release 4.1.1
Connected to:
HighGo Database V4.1 Enterprise Edition Release 4.1.1 - 64-bit Production
You are now connected to database "highgo" as user "test".
highgo=> create role eee;
错误: 42501: 创建角色的权限不够
highgo=> \c highgo trole
PSQL: Release 4.1.1
Connected to:
HighGo Database V4.1 Enterprise Edition Release 4.1.1 - 64-bit Production
You are now connected to database "highgo" as user "trole".
highgo=> select user;
current_user
--------------
trole
(1 row)
highgo=> create role qqq;
CREATE ROLE
Connect as the superuser and change the privileges:
highgo=# grant trole to test;
GRANT ROLE
highgo=> \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
highgo | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
test | | {trole}
trole | Create role | {}
highgo=# \c highgo test;
PSQL: Release 4.1.1
Connected to:
HighGo Database V4.1 Enterprise Edition Release 4.1.1 - 64-bit Production
You are now connected to database "highgo" as user "test".
highgo=> create role eee;
错误: 42501: 创建角色的权限不够
The role still cannot be created, which shows that the two kinds of privileges must not be conflated.
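
The boundary shown above matches documented PostgreSQL behaviour: role attributes such as Create role are never inherited through membership, but a member can switch to the granted role with SET ROLE and then act with its attributes. The SQL below is an added example, not part of the original post; it reuses the roles test and trole from the session above and lists every role that can reach an attribute-bearing role through membership, which is what to review before issuing a grant like the one above. It assumes HighGo Database behaves like upstream PostgreSQL here and exposes the standard pg_roles and pg_auth_members catalogs.

```sql
-- Added example (not from the original post).
-- Assumption: HighGo Database follows upstream PostgreSQL semantics.

-- Connected as "test" (a member of "trole"): the Create role attribute
-- is not inherited, but membership permits switching to trole.
SET ROLE trole;
SELECT session_user, current_user;  -- session_user stays test, current_user is trole
CREATE ROLE eee;                    -- expected to succeed while acting as trole
RESET ROLE;

-- Connected as a superuser: audit which roles can reach a role that
-- carries a privileged attribute, directly or through nested membership.
WITH RECURSIVE reach(member, roleid) AS (
    -- direct memberships
    SELECT member, roleid
    FROM pg_auth_members
  UNION
    -- memberships of memberships
    SELECT r.member, m.roleid
    FROM reach r
    JOIN pg_auth_members m ON m.member = r.roleid
)
SELECT mr.rolname        AS member_role,
       gr.rolname        AS reachable_role,
       gr.rolsuper       AS superuser,
       gr.rolcreaterole  AS create_role,
       gr.rolcreatedb    AS create_db,
       gr.rolreplication AS replication,
       gr.rolbypassrls   AS bypass_rls
FROM reach
JOIN pg_roles mr ON mr.oid = reach.member
JOIN pg_roles gr ON gr.oid = reach.roleid
WHERE gr.rolsuper
   OR gr.rolcreaterole
   OR gr.rolcreatedb
   OR gr.rolreplication
   OR gr.rolbypassrls
ORDER BY member_role, reachable_role;
```

With the grant from the session above in place, the audit query should return one row pairing test with trole and create_role set to true.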