
Viewing privileges in a PostgreSQL database

  1. User privileges

The right to log in to the instance and the DDL-level privileges on databases are recorded in pg_roles.

pconline=> select * from pg_roles ;
-[ RECORD 1 ]--+---------------------------------
rolname        | repl
rolsuper       | f
rolinherit     | t
rolcreaterole  | f
rolcreatedb    | f
rolcatupdate   | f
rolcanlogin    | t
rolreplication | t
rolconnlimit   | -1
rolpassword    | ********
rolvaliduntil  | 
rolconfig      | 
oid            | 16384
           

Privileges on tables, columns, functions, user-defined functions, and USAGE privileges are found under information_schema.

information_schema holds the privileges on the objects in the current database. For example:
select * from information_schema.role_table_grants  where grantee='lsliang';
-[ RECORD 2 ]--+-----------------------------------------
grantor        | pc
grantee        | lsliang
table_catalog  | pc
table_schema   | pc
table_name     | temp_20160513
privilege_type | SELECT
is_grantable   | NO
with_hierarchy | YES
           
  2. Privileges on objects

To see which privileges have been granted on a particular table, you can use the psql command-line command:

pconline=> \dp temp_20160513 
Access privileges
-[ RECORD 1 ]------------+-----------------------------
Schema                   | pc
Name                     | temp_20160513
Type                     | table
Access privileges        | pc=arwdDxt/pc
                         | pc_reader=r/pc
                         | pgreader_pc=r/pc
                         | u1=r/pc
                         | u2=r/pc
                         | user3=r/pc
Column access privileges |
           

The letters in the privilege field arwdDxt mean:

a = insert

r = select

w = update

d = delete

D = truncate

x = references

t = trigger

Another option is to query the pg_class system catalog, whose relacl column holds the same privilege list:

pconline=> select * from pg_class where relname='temp_20160513'; 
-[ RECORD 1 ]--+----------------------------------------------------------------------------------------------------------------------------------------------------
relname        | temp_20160513
relnamespace   | 24585
reltype        | 5471707
reloftype      | 0
relowner       | 24577
relam          | 0
relfilenode    | 5491139
reltablespace  | 0
relpages       | 285
reltuples      | 64310
relallvisible  | 285
reltoastrelid  | 0
reltoastidxid  | 0
relhasindex    | f
relisshared    | f
relpersistence | p
relkind        | r
relnatts       | 1
relchecks      | 0
relhasoids     | f
relhaspkey     | f
relhasrules    | f
relhastriggers | f
relhassubclass | f
relfrozenxid   | 1102384891
relacl         | {pc=arwdDxt/pc,pc_reader=r/pc,pgreader_pc=r/pc,u1=r/pc,u2=r/pc,user3=r/pc}
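The relacl value above can be expanded into one row per grant for an access review. The following is an added example, not code from the original post: it decodes the letters listed on this page and goes slightly beyond them by also handling the standard PostgreSQL ACL notation for PUBLIC (an empty grantee) and grant option (`*`). The function names, the owner name `pc` passed in by the caller, and `SAMPLE_RELACL` are assumptions made for illustration.

```python
import re

# Table privilege letters as listed on this page.
TABLE_PRIVS = {"a": "INSERT", "r": "SELECT", "w": "UPDATE", "d": "DELETE",
               "D": "TRUNCATE", "x": "REFERENCES", "t": "TRIGGER"}
WRITE_PRIVS = {"INSERT", "UPDATE", "DELETE", "TRUNCATE"}

# relacl value copied from the pg_class output on this page.
PAGE_RELACL = ("{pc=arwdDxt/pc,pc_reader=r/pc,pgreader_pc=r/pc,"
               "u1=r/pc,u2=r/pc,user3=r/pc}")
# Constructed sample (not from the page): a PUBLIC grant and a grant option.
SAMPLE_RELACL = "{pc=arwdDxt/pc,=r/pc,app=rw*/pc}"

ENTRY = re.compile(r"([^=/]*)=((?:[A-Za-z]\*?)*)/([^=/]+)")


def parse_relacl(relacl):
    """Expand 'grantee=letters/grantor' entries into one dict per privilege.

    Assumption: role names are unquoted (no commas, quotes, '=' or '/').
    """
    text = relacl.strip()
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError(f"not an ACL array literal: {relacl!r}")
    grants = []
    for entry in filter(None, text[1:-1].split(",")):
        match = ENTRY.fullmatch(entry)
        if match is None:
            raise ValueError(f"unparseable ACL entry: {entry!r}")
        grantee, letters, grantor = match.groups()
        for letter, star in re.findall(r"([A-Za-z])(\*?)", letters):
            if letter not in TABLE_PRIVS:
                raise ValueError(f"unknown table privilege letter: {letter!r}")
            grants.append({"grantee": grantee or "PUBLIC",  # empty = PUBLIC
                           "privilege": TABLE_PRIVS[letter],
                           "grantable": star == "*",  # WITH GRANT OPTION
                           "grantor": grantor})
    return grants


def review_first(relacl, owner):
    """Non-owner grants worth reviewing: PUBLIC, write access, grant option."""
    return [g for g in parse_relacl(relacl)
            if g["grantee"] != owner
            and (g["grantee"] == "PUBLIC" or g["grantable"]
                 or g["privilege"] in WRITE_PRIVS)]


if __name__ == "__main__":
    for acl in (PAGE_RELACL, SAMPLE_RELACL):
        for g in review_first(acl, owner="pc"):
            print(g)
```

For the ACL shown on this page nothing is flagged, because every non-owner role holds only SELECT; the constructed sample flags the PUBLIC grant and the grantable UPDATE.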