KingbaseES 创建只读（read_only）用户

数据库版本：

prod=> select version();
                                                       version                                                        
----------------------------------------------------------------------------------------------------------------------
 KingbaseES V008R006C005B0023 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-46), 64-bit
(1 row)

创建用户及指定密码：

test=# CREATE USER u_r WITH ENCRYPTED PASSWORD '123456';
CREATE ROLE

设置用户默认事务只读：

test=# alter user u_r set default_transaction_read_only=on;
ALTER ROLE

test=# \du
                                   List of roles
 Role name |                         Attributes                         | Member of 
-----------+------------------------------------------------------------+-----------
 sao       | No inheritance                                             | {}
 sso       | No inheritance                                             | {}
 system    | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
 tom       |                                                            | {}
 u_r       |                                                            | {}

赋予用户权限，查看public模式下所有表：

test=# GRANT USAGE ON SCHEMA public to u_r;
GRANT
test=# ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO u_r;
ALTER DEFAULT PRIVILEGES

赋予用户连接数据库权限：

test=# GRANT CONNECT ON DATABASE prod to u_r;
GRANT

切换到指定数据库：

test=# \c prod
You are now connected to database "prod" as user "system".
prod=# \d
               List of relations
 Schema |        Name         | Type  | Owner  
--------+---------------------+-------+--------
 public | sys_stat_statements | view  | system
 public | t1                  | table | system
 public | t2                  | table | system
 public | t3                  | table | system
 public | t4                  | table | system
 public | tmp_t0              | table | system
(6 rows)

赋予用户表、序列查看权限：

prod=# GRANT USAGE ON SCHEMA public to u_r;
GRANT
prod=# GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO u_r;
GRANT
prod=# GRANT SELECT ON ALL TABLES IN SCHEMA public TO u_r;
GRANT

用户连接数据库测试：

prod=# \c prod u_r
You are now connected to database "prod" as user "u_r".

# 无法创建数据库对象（read_only）
prod=> create table t1 (id int);
ERROR:  cannot execute CREATE TABLE in a read-only transaction
prod=> \d
               List of relations
 Schema |        Name         | Type  | Owner  
--------+---------------------+-------+--------
 public | sys_stat_statements | view  | system
 public | t1                  | table | system
 public | t2                  | table | system
 public | t3                  | table | system
 public | t4                  | table | system
 public | tmp_t0              | table | system
(6 rows)

prod=> select * from t1 limit 3; 
 id | name 
----+------
 10 | abc
 20 | ABC
(2 rows)

# 无法执行DML操作（read_only）
prod=> delete from t1 where id=10;
ERROR:  cannot execute DELETE in a read-only transaction

posted @ 2022-03-11 10:10 KINGBASE研究院阅读(1027) 评论(0) 编辑收藏举报

刷新页面返回顶部

登录后才能查看或发表评论，立即登录或者逛逛博客园首页

相关博文：

· KingbaseES 的角色和权限管理

· KingbaseES角色和权限介绍

· KingbaseES创建只读（read_only）用户

· mysql数据库如何创建只读用户

· postgresql命令创建只读用户

公告

昵称： KINGBASE研究院
园龄： 3年9个月
粉丝： 97
关注： 0

+加关注

2025年3月

日

一

二

三

四

五

六

KINGBASE研究院

KingbaseES 创建只读（read_only）用户

公告

搜索

常用链接

我的标签

随笔分类

随笔档案

阅读排行榜

评论排行榜

推荐排行榜

最新评论