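1. A read-only whitelist was added to keep fellow developers from mistakenly modifying data in the database, but they still want to query its contents.
The simplest approach is to edit pg_hba.conf and add a read-only user.
2. Add the read-only user.
Log in to the PostgreSQL database with psql: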
psql -U gscloud -d gscloud
The result looks like this:
[root@centos76 zhaobsh]# psql -U gscloud -d gscloud
Password for user gscloud:
psql (10.7)
Type "help" for help.
gscloud=#
Create the user:
create role gscloudreader with password 'Test6530';
Grant the user USAGE on the schema plus read-only access.
Grant USAGE:
grant usage on schema gscloud to gscloudreader;
Grant SELECT (query) permission:
grant select on all tables in schema gscloud to gscloudreader;
Grant login permission:
alter user gscloudreader with login;
4. Edit pg_hba.conf so that the user can connect from any IP address.
# TYPE  DATABASE  USER           ADDRESS        METHOD
# "local" is for Unix domain socket connections only
local   all       all                           md5
# IPv4 local connections:
host    all       all            127.0.0.1/32   md5
#host   all       all            0.0.0.0/0      md5
host    gscloud   gscloudreader  0.0.0.0/0      md5
5. Restart the service to apply the change.
systemctl restart postgresql-10
6. Verify that the user can log in normally.
7. Verify that the user cannot delete or modify data.
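
One way to carry out the checks in steps 6 and 7 from the catalog rather than by trial statements, as an added example that is not part of the original notes. It assumes you are connected as gscloud (psql -U gscloud -d gscloud) and that gscloud is the role that creates tables in schema gscloud; the ALTER DEFAULT PRIVILEGES statement at the end is an addition covering tables created after the grant in step 2, which "grant select on all tables" does not reach.

```sql
-- Added example; assumes role gscloud owns/creates the tables in schema gscloud.

-- 1. Role attributes: only rolcanlogin should be true for a read-only account.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolcanlogin
FROM pg_roles
WHERE rolname = 'gscloudreader';

-- 2. Write privileges the reader holds on any table in the schema,
--    including ones inherited via PUBLIC or role membership. Expected: 0 rows.
SELECT c.relname AS table_name, p.privilege
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN (VALUES ('INSERT'), ('UPDATE'), ('DELETE'), ('TRUNCATE')) AS p(privilege)
WHERE n.nspname = 'gscloud'
  AND c.relkind IN ('r', 'p')          -- ordinary and partitioned tables
  AND has_table_privilege('gscloudreader'::name, c.oid, p.privilege)
ORDER BY 1, 2;

-- 3. Tables the reader cannot SELECT from, e.g. tables created after the
--    one-time grant in step 2. Expected: 0 rows.
SELECT c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'gscloud'
  AND c.relkind IN ('r', 'p')
  AND NOT has_table_privilege('gscloudreader'::name, c.oid, 'SELECT');

-- 4. Schemas where the reader may create objects. On PostgreSQL 10 every role
--    gets CREATE on schema public through PUBLIC unless it was revoked, so a
--    "read-only" user can still create tables there. Expected: 0 rows.
SELECT n.nspname AS schema_name
FROM pg_namespace n
WHERE n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege('gscloudreader'::name, n.oid, 'CREATE');

-- 5. Make SELECT apply to tables that gscloud creates in this schema later.
ALTER DEFAULT PRIVILEGES FOR ROLE gscloud IN SCHEMA gscloud
    GRANT SELECT ON TABLES TO gscloudreader;
```

If query 4 returns public, "revoke create on schema public from public;" removes that default grant for all roles, so check that no application depends on it first.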