堆栈内存溢出
  简体   繁体   English

如何将用户降级为只读?

[英]How to downgrade user to read only?

 原文  2022-02-21 16:58:19       amazon-web-services/ amazon-redshift

问题描述

There are some users in the Redshift data warehouse who have read and edit permissions. Redshift 数据仓库中有一些用户具有读取和编辑权限。 What query should I run to remove their edit permissions so that they can only do select queries?我应该运行什么查询来删除他们的编辑权限,以便他们只能执行 select 查询?

1 个解决方案

解决方案1
 1  2022-02-21 17:59:09

The SQL command you are looking for is REVOKE - https://docs.aws.amazon.com/redshift/latest/dg/r_REVOKE.html您要查找的 SQL 命令是 REVOKE - https://docs.aws.amazon.com/redshift/latest/dg/r_REVOKE.html

Now to get the exact command(s) you want to run a few more pieces of information will be needed.现在要获得您想要运行的确切命令,还需要一些信息。 But first a quick overview of Redshift permissions.但首先快速概述一下 Redshift 权限。 In many database like Redshift users don't (in general) have permissions, the objects have access information about which users/groups can perform which actions.在像 Redshift 这样的许多数据库中,用户(通常)没有权限,对象具有关于哪些用户/组可以执行哪些操作的访问信息。 So there is no 'make this user be read-only always' command.所以没有“让这个用户永远只读”的命令。 REVOKE can act on databases, schemas, tables, and views but these actions only apply to currently existing objects. REVOKE 可以对数据库、模式、表和视图进行操作,但这些操作仅适用于当前存在的对象。 Objects created in the future will have the access rights assigned by the creating users default ACL.以后创建的对象将具有创建用户默认 ACL 分配的访问权限。

Now to the questions - are all these users part of a group and the only members of this group?现在问题来了——所有这些用户都是一个组的一部分并且是这个组的唯一成员吗? If so you will likely want to apply the REVOKE to the group.如果是这样,您可能希望将 REVOKE 应用于该组。 Is this restriction for existing tables or do you want them to not be able to create new table (even temp table) in all schemas and database?这是对现有表的限制,还是您希望它们不能在所有模式和数据库中创建新表(甚至是临时表)? This will impact what object types you want to revoke rights.这将影响 object 哪些类型要撤销权限。 Have you or your DBAs changed the default ACLs on the database?您或您的 DBA 是否更改了数据库的默认 ACL? These may need to be updated to prevent write accesses being given on future objects in the database.这些可能需要更新以防止对数据库中的未来对象进行写访问。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 firebase规则如何让用户只能读取他的数据 - firebase rules how to make user can read only his data 如何降级内部版本 nuget package - How to downgrade the version of internal nuget package 如何定义只有登录用户才能读取和写入所有 collections 和子集合的安全规则? - How do I define the security rules where only logged in user can read and write all of the collections and subcollection? 我可以在 Google Cloud SQL 中创建只读用户吗 - Can I create a read-only user in Google Cloud SQL 在 AWS Oracle Rds 19c 中创建只读用户 - Creating Read only user in AWS Oracle Rds 19c 如何降级 GKE master 并退出 Rapid 通道 - How can I downgrade GKE master and exit Rapid channel 如何将用户的 Firestore Map 读取为 Swift 字典? - How do I read a User's Firestore Map to a Swift Dictionary? 如何在 Azure DevOps Pipeline 中设置和读取用户环境变量? - How to set and read user environment variable in Azure DevOps Pipeline? 如何授予对 gcp 云 sql 的连接只读访问权限 - How to grant connectivity read only access to gcp cloud sql 如何只从谷歌云存储中读取 csv 的第一行? - How to read only first row of csv from Google Cloud Storage?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM