創建數據庫bbb且owner為用戶b:
postgres9.6@[local]:5432 postgres# create database bbb owner b; CREATE DATABASE Time: 259.099 ms
默認情況下使用用戶c也可以連接數據庫bbb:
postgres9.6@[local]:5432 postgres# \c bbb c You are now connected to database "bbb" as user "c".
回收public的connect on database bbb權限:
c@[local]:5432 bbb# \c postgres postgres9.6 You are now connected to database "postgres" as user "postgres9.6". postgres9.6@[local]:5432 postgres# revoke connect on database bbb from public; REVOKE Time: 2.088 ms
此時用戶c沒有了連接數據庫bbb的權限:
postgres9.6@[local]:5432 postgres# \c bbb c FATAL: permission denied for database "bbb" DETAIL: User does not have CONNECT privilege. Previous connection kept
但bbb數據庫的owner用戶b可以連接數據庫:
postgres9.6@[local]:5432 postgres# \c bbb b You are now connected to database "bbb" as user "b". b@[local]:5432 bbb#
此種情況下超級用戶也可以連接該數據庫:
b@[local]:5432 bbb# \c bbb postgres9.6
You are now connected to database "bbb" as user "postgres9.6".
postgres9.6@[local]:5432 bbb#
postgres9.6@[local]:5432 bbb# \du
List of roles
Role name | Attributes | Member of
-------------+------------------------------------------------------------+-----------
a | | {}
b | | {}
c | | {}
postgres9.6 | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
另外一種方法:從pg_hba.conf中限定:
# TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all trust # IPv4 local connections: host all all 127.0.0.1/32 trust ... # host all all 0.0.0.0/0 md5
補充:Postgres限制每個用戶只能連接指定數量的session,防止服務器資源緊張
限制每個用戶只能連接指定數量的session,防止服務器資源緊張
(1)創建測試用戶test:
highgo=#create user test;
CREATEROLE
highgo=#\du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+----------
highgo | Superuser, Create role, Create DB, Replication | {}
test | | {}
(2)設置僅允許用戶test使用一個連接
highgo=#ALTER ROLE test CONNECTION LIMIT 1; ALTERROLE
(3)在session 1中使用test用戶連接highgo數據庫
highgo=>\c highgo test Youare now connected to database "highgo" as user "test". highgo=>
(4)在session 2中也使用test用戶連接highgo數據庫,會出現如下錯誤:
highgo=#\c highgo test 致命錯誤: 由角色"test"發起的連接太多了 Previousconnection kept
(5)查詢用戶test鏈接限制
highgo=>SELECT rolconnlimit FROM pg_roles WHERE rolname = 'test';
rolconnlimit
--------------
1
(1row)
以上為個人經驗,希望能給大家一個參考,也希望大家多多支持腳本之家。如有錯誤或未考慮完全的地方,望不吝賜教。
