错误:对于字符46处的架构user1_gmail_com,权限被拒绝

Question

错误:对于字符46处的架构user1_gmail_com,权限被拒绝

我需要限制用户,仅访问特定的模式表.所以我尝试了以下查询并以user1_gmail_com登录.但是当我尝试浏览任何架构表时出现以下错误.

我的查询:

SELECT clone_schema('my_application_template_schema','user1_gmail_com');
CREATE USER user1_gmail_com WITH PASSWORD 'myloginpassword';
REVOKE  ALL ON ALL TABLES IN SCHEMA user1_gmail_com FROM PUBLIC;
GRANT SELECT ON ALL TABLES IN SCHEMA user1_gmail_com TO user1_gmail_com;

Run Code Online (Sandbox Code Playgroud)

SQL错误:

ERROR:  permission denied for schema user1_gmail_com at character 46
In statement:
SELECT COUNT(*) AS total FROM (SELECT * FROM "user1_gmail_com"."organisations_table") AS sub

Run Code Online (Sandbox Code Playgroud)

更新的工作查询:

SELECT clone_schema('my_application_template_schema','user1_gmail_com');
CREATE USER user1_gmail_com WITH PASSWORD 'myloginpassword';
REVOKE  ALL ON ALL TABLES IN SCHEMA user1_gmail_com FROM PUBLIC;
GRANT USAGE ON SCHEMA user1_gmail_com TO user1_gmail_com;
GRANT SELECT ON ALL TABLES IN SCHEMA user1_gmail_com TO user1_gmail_com;

Run Code Online (Sandbox Code Playgroud)

Answer 1

小智 67

您不仅需要授予对模式中的表的访问权限,还需要授予模式本身的访问权限.

从手册:

默认情况下,用户无法访问他们不拥有的模式中的任何对象.为此,架构的所有者必须为架构授予USAGE特权.

因此,要么将创建的用户设置为架构的所有者,要么将架构上的USAGE授予此用户.

Engstrom很棒.我添加了以下查询.它工作正常.在SCHEMA user1_gmail_com上授予用户权限给user1_gmail_com; (14认同)

Answer 2

Sté*_*ane 37

这困惑了我.仍然不确定我是否正确处理它.\h grant在psql中运行语法.以下是我如何设法让我的其他用户和群组按需要工作:

GRANT ALL PRIVILEGES ON SCHEMA foo TO GROUP bar;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA foo TO GROUP bar;

Run Code Online (Sandbox Code Playgroud)

显然,当`zz`是数据库`xx`的模式时,'在数据库xx到yy`上授予所有特权并不意味着"在SCHEMA zz上使用",奇怪的是 (4认同)

归档时间：	12 年，2 月前
查看次数：	61439 次
最近记录：	6 年，11 月前