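This article is reposted from the blog of community member Tan Feng (francs). Original address:
"Row-Level Security (RLS) support" is one of the major features of version 9.5. It provides row-based security policies that restrict which rows of a table a database user is allowed to view. Let's start with the following example.
- Create a test table and insert test data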
fdb=> create table test_row(id serial primary key, username text, log_event text, create_time timestamp(0) without time zone default clock_timestamp());
CREATE TABLE
fdb=> insert into test_row(username,log_event) values('user1','user1:aaa');
INSERT 0 1
fdb=> insert into test_row(username,log_event) values('user1','user1:aadsfdfa');
INSERT 0 1
fdb=> insert into test_row(username,log_event) values('user2','user2:aadsfdfa');
INSERT 0 1
fdb=> insert into test_row(username,log_event) values('user2','user2:test');
INSERT 0 1
fdb=> insert into test_row(username,log_event) values('user3','user3:test3');
INSERT 0 1
fdb=> insert into test_row(username,log_event) values('user3','user3:test3333');
INSERT 0 1
fdb=> insert into test_row(username,log_event) values('user4','user4:test3333');
INSERT 0 1
- Create the test users user1, user2 and user3
[pg95@db1 ~]$ psql fdb
psql (9.5alpha1)
Type "help" for help.
fdb=# create role user1 with login;
CREATE ROLE
fdb=# create role user2 with login;
CREATE ROLE
fdb=# create role user3 with login;
CREATE ROLE
fdb=> grant select on test_row to user1,user2,user3;
GRANT
fdb=> grant usage on schema fdb to user1,user2,user3;
GRANT
- Logged in as user1, all rows can be queried
fdb=> \c fdb user1
You are now connected to database "fdb" as user "user1".
fdb=> select * from fdb.test_row;
id | username | log_event | create_time
----+----------+----------------+---------------------
1 | user1 | user1:aaa | 2015-07-30 14:48:49
2 | user1 | user1:aadsfdfa | 2015-07-30 14:48:54
3 | user2 | user2:aadsfdfa | 2015-07-30 14:48:59
4 | user2 | user2:test | 2015-07-30 14:49:06
5 | user3 | user3:test3 | 2015-07-30 14:49:15
6 | user3 | user3:test3333 | 2015-07-30 14:49:24
7 | user4 | user4:test3333 | 2015-07-30 14:49:29
(7 rows)
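Note: in earlier versions, once a database user was granted the SELECT privilege on a table, that user could view all of the table's data.
- Add a policy to the table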
[pg95@db1 ~]$ psql fdb fdb
psql (9.5alpha1)
Type "help" for help.
fdb=> CREATE POLICY policy_test_row ON test_row
fdb-> FOR SELECT
fdb-> TO PUBLIC
fdb-> USING (username = current_user);
CREATE POLICY
fdb=> select relname,relrowsecurity from pg_class where relname='test_row';
relname | relrowsecurity
----------+----------------
test_row | f
(1 row)
fdb=> ALTER TABLE test_row ENABLE ROW LEVEL SECURITY;
ALTER TABLE
fdb=> select relname,relrowsecurity from pg_class where relname='test_row';
relname | relrowsecurity
----------+----------------
test_row | t
(1 row)
Note: a policy is added to table test_row that restricts each logged-in database user to viewing only that user's own log records.
- Test
Log in as user1
fdb=> \c fdb user1
You are now connected to database "fdb" as user "user1".
fdb=> select * from fdb.test_row;
id | username | log_event | create_time
----+----------+----------------+---------------------
1 | user1 | user1:aaa | 2015-07-30 14:48:49
2 | user1 | user1:aadsfdfa | 2015-07-30 14:48:54
(2 rows)
Log in as user2
fdb=> \c fdb user2
You are now connected to database "fdb" as user "user2".
fdb=> select * from fdb.test_row;
id | username | log_event | create_time
----+----------+----------------+---------------------
3 | user2 | user2:aadsfdfa | 2015-07-30 14:48:59
4 | user2 | user2:test | 2015-07-30 14:49:06
(2 rows)
Note: user1 can only view rows whose username value is 'user1', and user2 can only view rows whose username value is 'user2'.
- References:
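The following psql script is an added example, not part of the original post. It goes one step beyond the SELECT policy above and shows how to audit who is actually subject to it and how to cover writes. It assumes the page's table lives in schema fdb with the default serial sequence name test_row_id_seq, and a PostgreSQL 9.5 final or later server.

```sql
-- Added example, not from the original post. Assumes the page's objects
-- (table fdb.test_row, roles user1..user3) and PostgreSQL 9.5 final or later.
-- Run in psql as the table owner (fdb).

-- 1. Audit the policies on the table and whether RLS is enabled / forced.
SELECT policyname, roles, cmd, qual, with_check
  FROM pg_policies
 WHERE schemaname = 'fdb' AND tablename = 'test_row';

SELECT relname, relrowsecurity, relforcerowsecurity
  FROM pg_class
 WHERE oid = 'fdb.test_row'::regclass;

-- 2. Roles that no policy ever filters: superusers and BYPASSRLS roles.
SELECT rolname, rolsuper, rolbypassrls
  FROM pg_roles
 WHERE rolsuper OR rolbypassrls;

-- 3. The table owner is also exempt by default. FORCE applies the policies
--    to the owner too (fdb then sees only rows with username = 'fdb').
ALTER TABLE fdb.test_row FORCE ROW LEVEL SECURITY;

-- 4. The page's policy covers SELECT only. With RLS enabled, a command with
--    no applicable policy is denied, so INSERT needs its own policy.
--    WITH CHECK validates the new row, so a user cannot write rows
--    labelled with another user's name.
GRANT INSERT ON fdb.test_row TO user1, user2, user3;
GRANT USAGE ON SEQUENCE fdb.test_row_id_seq TO user1, user2, user3;

CREATE POLICY policy_test_row_ins ON fdb.test_row
    FOR INSERT
    TO PUBLIC
    WITH CHECK (username = current_user);

-- 5. Verify as user1 (constructed sample rows).
\c fdb user1
-- Accepted: the row is labelled with the current user.
INSERT INTO fdb.test_row(username, log_event) VALUES ('user1', 'user1:own row');
-- Rejected by WITH CHECK: the row is labelled with a different user.
INSERT INTO fdb.test_row(username, log_event) VALUES ('user2', 'user1:forged');
-- Still returns only user1's rows, now including the accepted insert.
SELECT id, username, log_event FROM fdb.test_row;
```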
Waiting for 9.5 – Row-Level Security Policies (RLS)
CREATE POLICY