@R_396_4045@ion_schema.table_privileges表记录着所有用户的权限信息。
postgres=# \d+ @R_396_4045@ion_schema.table_privileges
View "@R_396_4045@ion_schema.table_privileges"
Column | Type | Modifiers | Storage | Description
----------------+-----------------------------------+-----------+----------+-------------
grantor | @R_396_4045@ion_schema.sql_identifier | | extended | 授权者
grantee | @R_396_4045@ion_schema.sql_identifier | | extended | 被授权者
table_catalog | @R_396_4045@ion_schema.sql_identifier | | extended | 数据库名
table_schema | @R_396_4045@ion_schema.sql_identifier | | extended | schema名
table_name | @R_396_4045@ion_schema.sql_identifier | | extended | 表名
privilege_type | @R_396_4045@ion_schema.character_data | | extended | 对表的操作权限
is_grantable | @R_396_4045@ion_schema.yes_or_no | | extended |
with_hierarchy | @R_396_4045@ion_schema.yes_or_no | | extended |
View deFinition:
SELECT u_grantor.rolname::@R_396_4045@ion_schema.sql_identifier AS grantor,grantee.rolname::@R_396_4045@ion_schema.sql_identifier AS grantee,current_database()::@R_396_4045@ion_schema.sql_identifier AS table_catalog,nc.nspname::@R_396_4045@ion_schema.sql_identifier AS table_schema,c.relname::@R_396_4045@ion_schema.sql_identifier AS table_name,c.prtype::@R_396_4045@ion_schema.character_data AS privilege_type,CASE WHEN pg_has_role(grantee.oid,c.relowner,'USAGE'::text) OR c.grantable THEN 'YES'::text ELSE 'NO'::text END::@R_396_4045@ion_schema.yes_or_no AS is_grantable,CASE WHEN c.prtype = 'SELECT'::text THEN 'YES'::text ELSE 'NO'::text END::@R_396_4045@ion_schema.yes_or_no AS with_hierarchy FROM ( SELECT pg_class.oid,pg_class.relname,pg_class.relnamespace,pg_class.relkind,pg_class.relowner,(aclexplode(COALESCE(pg_class.relacl,acldefault('r'::"char",pg_class.relowner)))).grantor AS grantor,pg_class.relowner)))).grantee AS grantee,pg_class.relowner)))).privilege_type AS privilege_type,pg_class.relowner)))).is_grantable AS is_grantable FROM pg_class) c(oid,relname,relnamespace,relkind,relowner,grantor,grantee,prtype,grantable),pg_namespace nc,pg_authid u_grantor,( SELECT pg_authid.oid,pg_authid.rolname FROM pg_authid UNION ALL SELECT 0::oid AS oid,'PUBLIC'::name) grantee(oid,rolname) WHERE c.relnamespace = nc.oid AND (c.relkind = ANY (ARRAY['r'::"char",'v'::"char"])) AND c.grantee = grantee.oid AND c.grantor = u_grantor.oid AND (c.prtype = ANY (ARRAY['INSERT'::text,'SELECT'::text,'UPDATE'::text,'DELETE'::text,'TruncATE'::text,'REFERENCES'::text,'TRIGGER'::text])) AND (pg_has_role(u_grantor.oid,'USAGE'::text) OR pg_has_role(grantee.oid,'USAGE'::text) OR grantee.rolname = 'PUBLIC'::name);
现在创建一个角色并赋予SELECT权限,来观察该系统表的数据。
1. 创建角色
postgres=# create role john login NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;
CREATE ROLE
-- 赋予数据库的链接权限
postgres=# GRANT CONNECT ON DATABASE postgres TO john;
GRANT
-- 赋予表的查询功能
postgres=# GRANT SELECT ON ALL TABLES IN SCHEMA public TO john;
GRANT
-- tb1表的INSERT INTO权限
postgres=# GRANT INSERT ON tb1 TO john;
GRANT
3. 查看该角色的所有权限
postgres=# SELECT * from @R_396_4045@ion_schema.table_privileges where grantee='john' order by privilege_type;
grantor | grantee | table_catalog | table_schema | table_name | privilege_type | is_grantable | with_hierarchy
----------+---------+---------------+--------------+----------------------+----------------+--------------+----------------
postgres | john | postgres | public | tb1 | INSERT | NO | NO postgres | john | postgres | public | book | SELECT | NO | YES postgres | john | postgres | public | weather | SELECT | NO | YES postgres | john | postgres | public | cities | SELECT | NO | YES postgres | john | postgres | public | tb1 | SELECT | NO | YES postgres | john | postgres | public | book2 | SELECT | NO | YES postgres | john | postgres | public | person | SELECT | NO | YES postgres | john | postgres | public | tb2 | SELECT | NO | YES postgres | john | postgres | public | orders | SELECT | NO | YES postgres | john | postgres | public | test_unlogged | SELECT | NO | YES postgres | john | postgres | public | test | SELECT | NO | YES postgres | john | postgres | public | system_monitor | SELECT | NO | YES postgres | john | postgres | public | tb3 | SELECT | NO | YES postgres | john | postgres | public | pg_stat_statements | SELECT | NO | YES postgres | john | postgres | public | view_business_device | SELECT | NO | YES postgres | john | postgres | public | student | SELECT | NO | YES postgres | john | postgres | public | pgbench_tellers | SELECT | NO | YES postgres | john | postgres | public | pgbench_branches | SELECT | NO | YES postgres | john | postgres | public | pgbench_accounts | SELECT | NO | YES postgres | john | postgres | public | pgbench_history | SELECT | NO | YES postgres | john | postgres | public | goods | SELECT | NO | YES postgres | john | postgres | public | bloat | SELECT | NO | YES (22 rows)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
