2
我在同一模式下从postgreSql中的超级用户创建了两个角色。PostgreSQL:访问其他用户拥有的表
1)read_only_with_create_view
2)READ_WRITE
然后,我已经创建了两个用户从每个角色。 (read_only_with_create_view_user和read_write)
现在由read_only_with_create_view_user创建的任何新视图都不能由read_write_user作为视图的所有者(read_only_with_create_view_user)访问。
那么通过read_write_user访问所有新视图的方式是什么?
基本上我试图实现的是一个用户创建的所有东西都应该可以被其他用户访问。
我的步骤如下:
CREATE ROLE read_only_role WITH
NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL 'infinity';
GRANT CONNECT ON DATABASE mydb to read_only_role;
GRANT USAGE,CREATE ON SCHEMA myschema TO read_only_role;
GRANT SELECT ON ALL TABLES IN SCHEMA myschema TO read_only_role;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA myschema TO read_only_role;
CREATE USER read_only_with_create_view_user
WITH PASSWORD '*****'
in ROLE read_only_role;
-- Now created new views using this role. That means read_only_with_create_view_user is owner of those views.
-- Creating new read-write role.
CREATE ROLE rw_role WITH
NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL 'infinity' IN ROLE read_only_role;
GRANT CONNECT ON DATABASE mydb to rw_role;
GRANT USAGE ON SCHEMA myschema TO crn_rw_role_qa;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA myschema TO rw_role;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA myschema TO rw_role;
CREATE USER read_write_user
WITH PASSWORD '*****'
in role rw_role;
So after login with read_write_user when I try to access new views created by read_only_with_create_view_user, I get below error
ERROR: permission denied for relation view_name
********** Error **********
ERROR: permission denied for relation view_name
SQL state: 42501
感谢,
人士Himanshu
我已经尝试过这种方式在创建角色语法为“在角色中创建角色...”,但read_only_with_create_view_user创建的新视图不能由read_write_user访问。它说错误:许可被拒绝关系视图名称 **********错误********** 错误:权限被拒绝关系视图名称 SQL状态:42501 –
您必须显示您的尝试。使用您发布的命令更新您的问题。 –
另外,检查你的角色是否有'INHERIT'属性。 –