- 對於未來的表賦權
--如果想對新增的表有權限還需要賦予未來新增表的權限。
--用sa新建的表role_a還是沒有權限訪問。
--使用sa在schema1創建表test2
postgres=> \c postgres sa
You are now connected to database "postgres" as user "sa".
postgres=# create table schema1.test2(id int);
CREATE TABLE
postgres=# insert into schema1.test2 values(1);
INSERT 0 1
--role_a沒有權限訪問該表,
postgres=# \c postgres role_a;
You are now connected to database "postgres" as user "role_a".
postgres=> select * from schema1.test2;
錯誤: permission denied for table test2
--使用superuser賦權alter default privileges
postgres=> \c postgres sa
You are now connected to database "postgres" as user "sa".
postgres=# alter default privileges in schema schema1 grant select on tables to role_a;
ALTER DEFAULT PRIVILEGES
--訪問test2還是訪問不了,原因是修改了default privileges后,只是對授權之后創建的對象有效
postgres=> select * from schema1.test2;
錯誤: permission denied for table test2
--再次建test3表
postgres=# create table schema1.test3(id int);
CREATE TABLE
postgres=# insert into schema1.test3 values(1);
INSERT 0 1
--role_a可以訪問了
postgres=# \c postgres role_a
You are now connected to database "postgres" as user "role_a".
postgres=> select * from schema1.test3;
id
----
1
(1 row)