[英]Non-SuperUser Database Management
I am using the PostgreSql manual and other guides to setup my database environment. 我正在使用PostgreSql手册和其他指南来设置我的数据库环境。 So far things are looking good, but I am wondering if I have a problem.
到目前为止,事情看起来很好,但我想知道我是否有问题。
I am trying to apply this: Tip It is good practice to create a role that has the CREATEDB and CREATEROLE privileges, but is not a superuser, and then use this role for all routine management of databases and roles. 我试图应用这个:提示最好创建一个具有CREATEDB和CREATEROLE权限但不是超级用户的角色,然后将此角色用于数据库和角色的所有例行管理。 This approach avoids the dangers of operating as a superuser for tasks that do not really require it.
这种方法避免了作为超级用户操作的危险,而不是真正需要它的任务。
I have already created a user for this role. 我已经为这个角色创建了一个用户。
createuser --interactive --pwprompt
Enter name of role to add: Manager
Enter password for new role:
Enter it again:
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) y
...and connected to an already existing database as the new user (Manager) Or so I thought. ...并以新用户(Manager)的身份连接到现有数据库或者我认为。
psql -d test
Password for user postgres:
psql (11.2)
WARNING: Console code page (437) differs from Windows code page (1252)
8-bit characters might not work correctly. See psql reference
page "Notes for Windows users" for details.
Type "help" for help.
test=# \c test Manager
Password for user Manager
WARNING: Console code page (437) differs from Windows code page (1252)
8-bit characters might not work correctly. See psql reference
page "Notes for Windows users" for details.
You are now connected to database "test" as user "Manager".
test=>
I created a table for the database "test", but on checking it,the Owner isn't Manager, but postgres. 我为数据库“test”创建了一个表,但在检查它时,Owner不是Manager,而是postgres。
test=> \dt
List of relations
Schema | Name | Type | Owner
--------+---------------+-------+----------
public | Data-projects | table | postgres
(1 row)
test=> \dn
List of schemas
Name | Owner
--------+----------
public | postgres
(1 row)
I am not sure if this is good. 我不确定这是否好。 I expected the owner to be Manager.
我希望老板成为经理。 This is my first time using these tools.
这是我第一次使用这些工具。 Can someone guide me in the right direction, please?
有人可以指导我朝正确的方向发展吗? I want Manager to manage all the databases.
我希望Manager管理所有数据库。 Wouldn't that make him owner?
这不是他的主人吗? Thanks
谢谢
Database test
is not owned by Manager
because it was created by user postgres
. 数据库
test
不归Manager
所有,因为它是由用户postgres
创建的。 The user who created an object will be its owner. 创建对象的用户将是其所有者。
However, a superuser can transfer ownership: 但是,超级用户可以转让所有权:
ALTER DATABASE test OWNED BY "Manager";
I'll give you some additional tips: 我会给你一些额外的提示:
Only use lower case letters, numbers and _
in the names of objects and users, because otherwise you always have to user double quotes for them in SQL, like I did above. 只在对象和用户的名称中使用小写字母,数字和
_
,否则你总是必须在SQL中为它们使用双引号,就像我上面所做的那样。 That leads to needless suffering. 这会导致不必要的痛苦。
Run the following to make the database more secure: 运行以下命令以使数据库更安全:
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
Create a new schema that will hold the objects for your application: 创建一个新架构,用于存放应用程序的对象:
CREATE SCHEMA myapp;
Set the search_path
appropriately: 适当地设置
search_path
:
ALTER DATABASE test SET search_path = myapp, public;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.