[英]Postgres - new role with SELECT shows empty table, whereas superuser role shows data in same table
thank for taking the time to try answer/understand this question.感谢您花时间尝试回答/理解这个问题。
I am using AWS Aurora Postgres (Engine version: 13.4) database.我正在使用 AWS Aurora Postgres(引擎版本:13.4)数据库。 I referred to this document for creating readwrite
and readonly
roles for 2 new rdsiam
users -> "dev_ro" and "dev_rw".我参考此文档为 2 个新的rdsiam
用户创建readwrite
和readonly
角色 -> “dev_ro”和“dev_rw”。 I have granted readwrite
role to "dev_rw" and readonly
to "dev_ro".我已将readwrite
角色授予“dev_rw”,将readonly
角色授予“dev_ro”。 The additional changes are:额外的变化是:
myschema
is "public" - which is my default schema myschema
是“public”——这是我的默认模式With this in mind, here is what I have done:考虑到这一点,这就是我所做的:
jobs
table can never be empty我运行我的应用程序,它添加了一些重复的作业(作业本身安排),这意味着jobs
表永远不会为空SELECT * FROM graphile_worker.jobs
in my IDE (dbeaver - shouldn't matter, I think)我在我的 IDE 中运行SELECT * FROM graphile_worker.jobs
(dbeaver - 我认为应该无关紧要)I don't know why this is happening.我不知道为什么会这样。 I double-checked, both "dev_ro/w" (through the roles) and superuser, have:我仔细检查了“dev_ro/w”(通过角色)和超级用户,都有:
CONNECT
to database (without doubt) CONNECT
到数据库(毫无疑问)SELECT
on all tables of graphile_worker
schema SELECT
在graphile_worker
模式的所有表上USAGE
on the graphile_worker
schema在USAGE
模式上的graphile_worker
graphile_worker.migrations
and the migration records show up as expected (on both devro/w and superuser)!此外,我可以查询graphile_worker.migrations
并且迁移记录按预期显示(在 devro/w 和超级用户上)!Please let me know if there is any more information that I can provide to help debug this issue.如果我可以提供更多信息来帮助调试此问题,请告诉我。
Removing Row-Level Security (RLS) solved this issue.删除行级安全性 (RLS) 解决了这个问题。 Thanks @Hambone for asking the right question.感谢@Hambone 提出了正确的问题。
RLS is removed by executing通过执行删除 RLS
ALTER ROLE <username> WITH BYPASSRLS
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.