PostgreSQL创建只读账号


-- 回收创建表的权限
 revoke create on schema public from public;
-- 创建账号
create user readonly with encrypted password 'pwd';
alter user readonly set default_transaction_read_only=on;
-- 给只读账号连接数据的权限
grant connect on database 数据库名 to readonly;
-- 在指定数据库下执行
grant usage on schema 可配置多个schema to readonly;
grant select on all sequences in schema public to readonly;
grant select on all tables in schema public to readonly;
-- 新建的表也要给只读账号权限
alter default privileges in schema public grant select on tables to readonly;
说明:只做记录备用,未测试;
     该命令存在缺陷,如一个库存在多个schema需一一赋予权限,可能并非是最好的处理方式