1.CREATE ROLE創建的用戶默認不帶LOGIN屬性,而CREATE USER創建的用戶默認帶有LOGIN屬性,如下:
postgres=# CREATE ROLE pg_test_user_1; /*默認不帶LOGIN屬性*/ CREATE ROLE postgres=# CREATE USER pg_test_user_2; /*默認具有LOGIN屬性*/ CREATE ROLE postgres=# \du List of roles Role name | Attributes | Member of ----------------+--------------+----------- pg_test_user_1 | Cannot login | {} pg_test_user_2 | | {} postgres | Superuser | {} : Create role : Create DB postgres=#
2.在創建用戶時賦予角色屬性
postgres=# CREATE ROLE pg_test_user_3 CREATEDB; /*具有創建數據庫的屬性*/ CREATE ROLE postgres=# \du List of roles Role name | Attributes | Member of ----------------+--------------+----------- pg_test_user_1 | Cannot login | {} pg_test_user_2 | | {} pg_test_user_3 | Create DB | {} : Cannot login postgres | Superuser | {} : Create role : Create DB postgres=# CREATE ROLE pg_test_user_4 CREATEDB PASSWORD '123456'; /*具有創建數據庫及帶有密碼登陸的屬性 */ CREATE ROLE postgres=# \du List of roles Role name | Attributes | Member of ----------------+--------------+----------- pg_test_user_1 | Cannot login | {} pg_test_user_2 | | {} pg_test_user_3 | Create DB | {} : Cannot login pg_test_user_4 | Create DB | {} : Cannot login postgres | Superuser | {} : Create role : Create DB postgres=#
3.給已存在用戶賦予各種權限
使用ALTER ROLE即可。
postgres=# \du List of roles Role name | Attributes | Member of ----------------+--------------+----------- pg_test_user_3 | Create DB | {} : Cannot login pg_test_user_4 | Create DB | {} : Cannot login postgres | Superuser | {} : Create role : Create DB postgres=# ALTER ROLE pg_test_user_3 WITH LOGIN; /*賦予登錄權限*/ ALTER ROLE postgres=# \du List of roles Role name | Attributes | Member of ----------------+--------------+----------- pg_test_user_3 | Create DB | {} pg_test_user_4 | Create DB | {} : Cannot login postgres | Superuser | {} : Create role : Create DB postgres=# ALTER ROLE pg_test_user_4 WITH CREATEROLE;/*賦予創建角色的權限*/ ALTER ROLE postgres=# \du List of roles Role name | Attributes | Member of ----------------+--------------+----------- pg_test_user_3 | Create DB | {} pg_test_user_4 | Create role | {} : Create DB : Cannot login postgres | Superuser | {} : Create role : Create DB postgres=# ALTER ROLE pg_test_user_4 WITH PASSWORD '654321';/*修改密碼*/ ALTER ROLE postgres=# ALTER ROLE pg_test_user_4 VALID UNTIL 'JUL 7 14:00:00 2012 +8'; /*設置角色的有效期* ALTER ROLE
4.查看角色表中的信息:
postgres=# SELECT * FROM pg_roles; rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcatupdate | rolcanlogin | rolconnlimit | rolpassword | rolvaliduntil | rol config | oid ----------------+----------+------------+---------------+-------------+--------------+-------------+--------------+-------------+------------------------+---- -------+------- postgres | t | t | t | t | t | t | -1 | ******** | | | 10 pg_test_user_3 | f | t | f | t | f | t | -1 | ******** | | | 16390 pg_test_user_4 | f | t | t | t | f | f | -1 | ******** | 2012-07-07 14:00:00+08 | | 16391 (3 rows) postgres=#
5.ALTER ROLE語句簡介:
ALTER ROLE 名稱 ALTER ROLE -- 修改一個數據庫角色 語法 ALTER ROLE name [ [ WITH ] option [ ... ] ] 這里的 option 可以是: SUPERUSER | NOSUPERUSER | CREATEDB | NOCREATEDB | CREATEROLE | NOCREATEROLE | CREATEUSER | NOCREATEUSER | INHERIT | NOINHERIT | LOGIN | NOLOGIN | CONNECTION LIMIT connlimit | [ ENCRYPTED | UNENCRYPTED ] PASSWORD 'password' | VALID UNTIL 'timestamp' ALTER ROLE name RENAME TO newname ALTER ROLE name SET configuration_parameter { TO | = } { value | DEFAULT } ALTER ROLE name RESET configuration_parameter描述 ALTER ROLE 修改一個數據庫角色的屬性。