我想创建一个以cp一些定义的权限命名的角色,然后我们将创建一些其他角色,这些角色将被授予 cp 角色。我知道 Oracle 可以胜任这项工作。例如grant resources to user_name;,这意味着向用户授予资源角色。我在 PostgreSQL 中做了以下测试,但它不起作用。有人知道吗?
--create role cp and grant privilege
postgres=# create role cp login nosuperuser nocreatedb nocreaterole
noinherit encrypted password 'cp';
CREATE ROLE
postgres=# grant connect on database skytf to cp;
GRANT
postgres=# \c skytf skytf;
You are now connected to database "skytf" as user "skytf".
skytf=> grant usage on schema skytf to cp;
GRANT
skytf=> grant select on skytf.test_1 to cp;
GRANT
--create role cp_1, and grant cp role privilege to cp_1
skytf=> \c postgres postgres
You are now connected to database "postgres" as user "postgres".
postgres=# create role cp_1 login nosuperuser nocreatedb nocreaterole
noinherit encrypted password 'cp_1';
CREATE ROLE
skytf=# grant cp to cp_1;
GRANT ROLE
--test cp_1
skytf=# \c skytf cp_1;
You are now connected to database "skytf" as user "cp_1".
skytf=> select * from skytf.test_1 limit 1;
ERROR: permission denied for schema skytf
LINE 1: select * from skytf.test_1 limit 1;
您明确地将角色设置为,
noinherit因此您需要在使用角色权限之前使用(但我猜您可能只是想)set rolecpselectcpinherit从文档:
您特别要求 pg 不要将“cp”的角色应用于用户“cp_1”。
尝试这样的事情:
create role cp_1 login nosuperuser nocreatedb nocreaterole inherit encrypted password 'cp_1' in role cp