我在 postgres 上有一个管理员角色/用户和一个开发人员角色。开发人员角色继承了我为将来方便而创建的“readaccess”角色的属性。如果我运行 \du 我得到:
Role name | Attributes | Member of
-----------------+------------------------------------------------------------+-------------------
developers | | {readaccess}
rds_replication | Cannot login | {}
rds_superuser | Cannot login | {rds_replication}
rdsadmin | Superuser, Create role, Create DB, Replication, Bypass RLS+| {}
| Password valid until infinity |
rdsrepladmin | No inheritance, Cannot login, Replication | {}
readaccess | Cannot login +| {}
| Password valid until infinity |
admin | Create role, Create DB +| {rds_superuser}
| Password valid until infinity |
我已通过以下方式授予对我的开发人员帐户和我的 readaccess 帐户的读取权限
GRANT SELECT ON ALL TABLES IN SCHEMA mySchema TO developers;
ALTER DEFAULT PRIVILEGES IN SCHEMA mySchema GRANT SELECT ON TABLES TO developers;
GRANT SELECT ON ALL TABLES IN SCHEMA mySchema TO readaccess;
ALTER DEFAULT PRIVILEGES IN SCHEMA mySchema GRANT SELECT ON TABLES TO readaccess;
如果我在 mySchema 中的一个表上运行命令 \z
myDb=> \z mySchema.myTable;
Access privileges
Schema | Name | Type | Access privileges | Column privileges | Policies
---------+------------------------+-------+-------------------------+-------------------+----------
mySchema| myTable | table | admin=arwdDxt/admin+ | |
| | | developers=r/admin | |
(1 row)
但是我无法运行选择——它说我没有权限
myDB=> select * from mySchema.myTable;
ERROR: permission denied for schema mySchema
LINE 1: select * from mySchema.myTable;
有人可以帮忙吗?
