mil*_*ose 110 postgresql
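I'm trying to create restricted database users for the application I'm working on, and I want to drop the Postgres database user I'm using for experimenting. Is there any way to drop the user without having to manually revoke all of its rights first, or to revoke all the grants a user has?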
Tim*_*ane 129
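How about
DROP USER <username>
This is actually an alias for DROP ROLE.
You have to explicitly drop any privileges associated with that user, and also move its ownership to other roles (or drop the object).
This is best achieved by
REASSIGN OWNED BY <olduser> TO <newuser>
and
DROP OWNED BY <olduser>
The latter will remove any privileges granted to the user.
See the postgres docs for DROP ROLE, along with the more detailed description.
Addition:
Apparently, trying to drop a user by using the commands mentioned here will only work if you execute them while connected to the same database that the original GRANTS were made from, as discussed here: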
Sas*_*ser 44
The accepted answer resulted in errors for me when attempting REASSIGN OWNED BY or DROP OWNED BY. The following worked for me:
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM username;
REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM username;
REVOKE ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public FROM username;
DROP USER username;
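The user may have privileges in other schemas, in which case you will have to run the appropriate REVOKE line with "public" replaced by the correct schema. To show all of the schemas and privilege types for a user, I edited the \dp command to make this query: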
SELECT
n.nspname as "Schema",
CASE c.relkind
WHEN 'r' THEN 'table'
WHEN 'v' THEN 'view'
WHEN 'm' THEN 'materialized view'
WHEN 'S' THEN 'sequence'
WHEN 'f' THEN 'foreign table'
END as "Type"
FROM pg_catalog.pg_class c
LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE pg_catalog.array_to_string(c.relacl, E'\n') LIKE '%username%';
I'm not sure which privilege types correspond to revoking on TABLES, SEQUENCES, or FUNCTIONS, but I think all of them fall under one of the three.
小智 16
Also note, if you have explicitly granted:
CONNECT ON DATABASE xxx TO GROUP ,
you will need to revoke this separately from DROP OWNED BY, using:
REVOKE CONNECT ON DATABASE xxx FROM GROUP
Har*_*vey 16
This worked for me:
DROP OWNED BY dbuser
and then:
DROP USER dbuser
Pre*_*eti 15
Here's what finally worked for me:
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA myschem FROM user_mike;
REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA myschem FROM user_mike;
REVOKE ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA myschem FROM user_mike;
REVOKE ALL PRIVILEGES ON SCHEMA myschem FROM user_mike;
ALTER DEFAULT PRIVILEGES IN SCHEMA myschem REVOKE ALL ON SEQUENCES FROM user_mike;
ALTER DEFAULT PRIVILEGES IN SCHEMA myschem REVOKE ALL ON TABLES FROM user_mike;
ALTER DEFAULT PRIVILEGES IN SCHEMA myschem REVOKE ALL ON FUNCTIONS FROM user_mike;
REVOKE USAGE ON SCHEMA myschem FROM user_mike;
REASSIGN OWNED BY user_mike TO masteruser;
DROP USER user_mike ;
This should work:
REVOKE ALL ON SCHEMA public FROM myuser;
REVOKE ALL ON DATABASE mydb FROM myuser;
DROP USER myuser;
The Postgres documentation has a clear answer to this, and it is the only sanctioned answer:
REASSIGN OWNED BY doomed_role TO successor_role;
DROP OWNED BY doomed_role;
-- repeat the above commands in each database of the cluster
DROP ROLE doomed_role;
Key points:
-- repeat the above commands in each database of the cluster
"it's typically necessary to run both REASSIGN OWNED and DROP OWNED (in that order!) to fully remove the dependencies of a role to be dropped."
小智 5
I had to add one more line to REVOKE...
After running:
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM username;
REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM username;
REVOKE ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public FROM username;
I was still receiving the error: username cannot be dropped because some objects depend on it. DETAIL: privileges for schema public
I was missing this:
REVOKE USAGE ON SCHEMA public FROM username;
Then I was able to drop the role.
DROP USER username;
There is no REVOKE ALL PRIVILEGES ON ALL VIEWS, so I ended up with:
do $$
DECLARE r record;
begin
for r in select * from pg_views where schemaname = 'myschem'
loop
execute 'revoke all on ' || quote_ident(r.schemaname) ||'.'|| quote_ident(r.viewname) || ' from "XUSER"';
end loop;
end $$;
and the usual:
REVOKE ALL PRIVILEGES ON DATABASE mydb FROM "XUSER";
REVOKE ALL PRIVILEGES ON SCHEMA myschem FROM "XUSER";
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA myschem FROM "XUSER";
REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA myschem FROM "XUSER";
REVOKE ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA myschem FROM "XUSER";
for the following to succeed:
drop role "XUSER";
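The documentation sequence quoted above has to be repeated in each database of the cluster. As an added example (not taken from any of the answers), the query below reads the cluster-wide catalog pg_shdepend to show which databases still hold dependencies on the role, so you know where to connect before dropping it. doomed_role and successor_role are the placeholder names from the documentation snippet.

```sql
-- Added example. doomed_role / successor_role are placeholders.

-- 1. pg_shdepend is shared across the cluster, so this can be run from any
--    database. It lists every database that still holds objects owned by
--    the role ('o') or privileges granted to it ('a').
SELECT COALESCE(d.datname, '(shared object)') AS database,
       CASE s.deptype
            WHEN 'o' THEN 'owner'
            WHEN 'a' THEN 'acl (granted privilege)'
            WHEN 'r' THEN 'row security policy'
            ELSE s.deptype::text
       END                                     AS dependency,
       count(*)                                AS objects
FROM pg_catalog.pg_shdepend s
LEFT JOIN pg_catalog.pg_database d ON d.oid = s.dbid  -- dbid = 0: shared object
WHERE s.refclassid = 'pg_catalog.pg_authid'::regclass
  AND s.refobjid = (SELECT oid
                    FROM pg_catalog.pg_roles
                    WHERE rolname = 'doomed_role')
GROUP BY 1, 2
ORDER BY 1, 2;

-- 2. Connect to each database the query lists (\c dbname in psql) and run,
--    in this order:
REASSIGN OWNED BY doomed_role TO successor_role;
DROP OWNED BY doomed_role;

-- 3. Re-run the query from step 1. Once it returns no rows:
DROP ROLE doomed_role;
```

If DROP ROLE still fails, its DETAIL lines name the remaining dependencies and the databases they live in.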