How to Comprehensively View User Privileges in PostgreSQL

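Updated: 2025-12-26 10:19:45   Author: 小精灵DBA
This article presents a full set of methods for viewing user privileges in PostgreSQL, covering basic attributes and database, schema, table, column, function and sequence privileges, as well as combined queries using tools and built-in functions.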

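Viewing a user's privileges in PostgreSQL is a systematic process that requires querying along several dimensions.

The following methods together give a complete view of a user's privileges:

1. View basic user attributes

First, look at the user's basic information and high-level privileges: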

SELECT 
    usename AS username,
    usesuper AS is_superuser,
    usecreatedb AS can_create_db,
    userepl AS can_replicate,
    usebypassrls AS can_bypass_rls,
    valuntil AS password_expires
FROM pg_user
WHERE usename = 'your_username'; -- replace with the user name to query
+----------+--------------+---------------+---------------+----------------+------------------+
| username | is_superuser | can_create_db | can_replicate | can_bypass_rls | password_expires |
+----------+--------------+---------------+---------------+----------------+------------------+
| postgres | t            | t             | t             | t              |                  |
+----------+--------------+---------------+---------------+----------------+------------------+

-- Or list all users
SELECT * FROM pg_user;

+---------------+----------+-------------+----------+---------+--------------+----------+----------+-----------+
|    usename    | usesysid | usecreatedb | usesuper | userepl | usebypassrls |  passwd  | valuntil | useconfig |
+---------------+----------+-------------+----------+---------+--------------+----------+----------+-----------+
| postgres      |       10 | t           | t        | t       | t            | ******** |          |           |
| readonly_user |    24600 | f           | f        | f       | f            | ******** |          |           |
+---------------+----------+-------------+----------+---------+--------------+----------+----------+-----------+

2. View database-level privileges

View the privileges granted on each database:

SELECT 
    datname AS database,
    datacl AS privileges
FROM pg_database
WHERE datname NOT IN ('template0', 'template1')
ORDER BY datname;
+----------+---------------------------------------------------------------+
| database |                          privileges                           |
+----------+---------------------------------------------------------------+
| postgres |                                                               |
| test_db  | {=Tc/postgres,postgres=CTc/postgres,readonly_user=c/postgres} |
+----------+---------------------------------------------------------------+

3. View schema-level privileges

View the schema privileges within a specific database:

SELECT 
    nspname AS schema,
    nspacl AS privileges
FROM pg_namespace
WHERE nspname NOT LIKE 'pg_%' 
AND nspname != 'information_schema'
ORDER BY nspname;
+--------+-------------------------------------------------------------------------------------------------+
| schema |                                           privileges                                            |
+--------+-------------------------------------------------------------------------------------------------+
| public | {pg_database_owner=UC/pg_database_owner,=U/pg_database_owner,readonly_user=U/pg_database_owner} |
+--------+-------------------------------------------------------------------------------------------------+

4. View table-level privileges

This is the most commonly used privilege check; it shows which operations users may perform on tables:

SELECT 
    n.nspname AS schema,
    c.relname AS table_name,
    c.relkind AS type, -- 'r'=table, 'v'=view, 'm'=materialized view
    c.relacl AS privileges
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'v', 'm')
AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY n.nspname, c.relname;
+--------+-------------+------+------------------------------------------------------+
| schema | table_name  | type |                      privileges                      |
+--------+-------------+------+------------------------------------------------------+
| public | author      | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | class       | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | contacts    | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | duty        | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | ipdb1       | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | ipdb2       | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | order       | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | sample_data | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | student     | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | t           | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | t1          | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | t_date      | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | test        | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | testtab01   | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | testtab05   | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
| public | testtab08   | r    | {postgres=arwdDxt/postgres,readonly_user=r/postgres} |
+--------+-------------+------+------------------------------------------------------+

5. View column-level privileges

View the privileges granted on specific columns of a table:

SELECT 
    n.nspname AS schema,
    c.relname AS table_name,
    a.attname AS column_name,
    a.attacl AS privileges
FROM pg_attribute a
JOIN pg_class c ON a.attrelid = c.oid
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE a.attnum > 0 
AND NOT a.attisdropped
AND a.attacl IS NOT NULL
ORDER BY n.nspname, c.relname, a.attnum;
+------------+-----------------+------------------+---------------+
|   schema   |   table_name    |   column_name    |  privileges   |
+------------+-----------------+------------------+---------------+
| pg_catalog | pg_subscription | oid              | {=r/postgres} |
| pg_catalog | pg_subscription | subdbid          | {=r/postgres} |
| pg_catalog | pg_subscription | subskiplsn       | {=r/postgres} |
| pg_catalog | pg_subscription | subname          | {=r/postgres} |
| pg_catalog | pg_subscription | subowner         | {=r/postgres} |
| pg_catalog | pg_subscription | subenabled       | {=r/postgres} |
| pg_catalog | pg_subscription | subbinary        | {=r/postgres} |
| pg_catalog | pg_subscription | substream        | {=r/postgres} |
| pg_catalog | pg_subscription | subtwophasestate | {=r/postgres} |
| pg_catalog | pg_subscription | subdisableonerr  | {=r/postgres} |
| pg_catalog | pg_subscription | subslotname      | {=r/postgres} |
| pg_catalog | pg_subscription | subsynccommit    | {=r/postgres} |
| pg_catalog | pg_subscription | subpublications  | {=r/postgres} |
+------------+-----------------+------------------+---------------+

6. View function privileges

View the execute privileges granted on functions:

SELECT 
    n.nspname AS schema,
    p.proname AS function_name,
    p.proacl AS privileges
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY n.nspname, p.proname;
+--------+----------------+------------+
| schema | function_name  | privileges |
+--------+----------------+------------+
| public | inetmultirange |            |
| public | inetmultirange |            |
| public | inetmultirange |            |
| public | inetrange      |            |
| public | inetrange      |            |
+--------+----------------+------------+

7. View sequence privileges

View the privileges granted on sequences:

SELECT 
    n.nspname AS schema,
    c.relname AS sequence_name,
    c.relacl AS privileges
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind = 'S' -- sequence
ORDER BY n.nspname, c.relname;
+--------+--------------------+--------------------------------------------------+
| schema |   sequence_name    |                    privileges                    |
+--------+--------------------+--------------------------------------------------+
| public | sample_data_id_seq | {postgres=rwU/postgres,readonly_user=U/postgres} |
+--------+--------------------+--------------------------------------------------+

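8. Combined privilege query tools

Query a specific user's privileges on all objects (role_table_grants covers tables and views):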

SELECT 
    grantee,
    table_schema,
    table_name,
    privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'your_username' -- replace with the user name to query
ORDER BY table_schema, table_name;
+---------------+--------------------+---------------------------------------+----------------+
|    grantee    |    table_schema    |              table_name               | privilege_type |
+---------------+--------------------+---------------------------------------+----------------+
| postgres      | information_schema | _pg_foreign_data_wrappers             | INSERT         |
| postgres      | information_schema | _pg_foreign_data_wrappers             | TRIGGER        |
| postgres      | information_schema | _pg_foreign_data_wrappers             | REFERENCES     |
| postgres      | information_schema | _pg_foreign_data_wrappers             | TRUNCATE       |
| postgres      | information_schema | _pg_foreign_data_wrappers             | DELETE         |
| postgres      | information_schema | _pg_foreign_data_wrappers             | UPDATE         |
| postgres      | information_schema | _pg_foreign_data_wrappers             | SELECT         |

View the user's role memberships (role inheritance)

SELECT 
    rolname AS role_name,
    member,
    (SELECT rolname FROM pg_roles WHERE oid = m.member) AS member_name,
    admin_option
FROM pg_roles r
JOIN pg_auth_members m ON r.oid = m.roleid
WHERE (SELECT rolname FROM pg_roles WHERE oid = m.member) = 'your_username';
+-----------+--------+-------------+--------------+
| role_name | member | member_name | admin_option |
+-----------+--------+-------------+--------------+
+-----------+--------+-------------+--------------+
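
The query above returns only direct memberships, while privileges can also arrive through a chain of roles. The following added example (not part of the original article) walks pg_auth_members recursively for the same 'your_username' placeholder; it reads pg_roles rather than pg_user because pg_user lists only roles that can log in.

```sql
-- Added example: transitive role membership for one role.
WITH RECURSIVE membership AS (
    -- Direct memberships of the starting role
    SELECT m.roleid, m.member, m.admin_option,
           1 AS depth,
           ARRAY[m.member, m.roleid] AS path
    FROM pg_auth_members m
    JOIN pg_roles u ON u.oid = m.member
    WHERE u.rolname = 'your_username'   -- placeholder, replace as needed
    UNION ALL
    -- Roles that the roles found so far are themselves members of
    SELECT m.roleid, m.member, m.admin_option,
           ms.depth + 1,
           ms.path || m.roleid
    FROM pg_auth_members m
    JOIN membership ms ON m.member = ms.roleid
    WHERE m.roleid <> ALL (ms.path)     -- never revisit a role already on the path
)
SELECT
    ms.depth,
    child.rolname  AS via_role,
    parent.rolname AS granted_role,
    ms.admin_option,
    -- Role attributes are not inherited automatically;
    -- they take effect only after SET ROLE to the granted role.
    parent.rolsuper,
    parent.rolcreaterole,
    parent.rolcreatedb,
    parent.rolbypassrls
FROM membership ms
JOIN pg_roles parent ON parent.oid = ms.roleid
JOIN pg_roles child  ON child.oid  = ms.member
ORDER BY ms.depth, parent.rolname;
```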

9. Advanced privilege analysis query

Generate a detailed privilege report

WITH user_privs AS (
    -- Database privileges
    SELECT 
        'DATABASE' AS object_type,
        datname AS object_name,
        datacl AS privileges,
        datacl::text AS privileges_text  -- cast to text
    FROM pg_database
    WHERE datname = current_database()
    UNION ALL
    -- Schema privileges
    SELECT 
        'SCHEMA',
        nspname,
        nspacl AS privileges,
        nspacl::text AS privileges_text  -- cast to text
    FROM pg_namespace
    WHERE nspname NOT LIKE 'pg_%' 
    UNION ALL
    -- Table privileges
    SELECT 
        CASE relkind 
            WHEN 'r' THEN 'TABLE'
            WHEN 'v' THEN 'VIEW' 
            WHEN 'm' THEN 'MATERIALIZED VIEW'
        END,
        nspname || '.' || relname,
        relacl AS privileges,
        relacl::text AS privileges_text  -- cast to text
    FROM pg_class c
    JOIN pg_namespace n ON n.oid = c.relnamespace
    WHERE relkind IN ('r', 'v', 'm')
    AND nspname NOT IN ('pg_catalog', 'information_schema')
)
SELECT 
    object_type,
    object_name,
    privileges
FROM user_privs
WHERE privileges_text LIKE '%postgres%'  -- LIKE match against the text form of the ACL
   OR privileges IS NULL
ORDER BY object_type, object_name;
+-------------+--------------------+---------------------------------------------------------------+
| object_type |    object_name     |                          privileges                           |
+-------------+--------------------+---------------------------------------------------------------+
| DATABASE    | test_db            | {=Tc/postgres,postgres=CTc/postgres,readonly_user=c/postgres} |
| SCHEMA      | information_schema | {postgres=UC/postgres,=U/postgres}                            |
| TABLE       | public.author      | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.class       | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.contacts    | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.duty        | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.ipdb1       | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.ipdb2       | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.order       | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.sample_data | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.student     | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.t           | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.t1          | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.t_date      | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.test        | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.testtab01   | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.testtab05   | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
| TABLE       | public.testtab08   | {postgres=arwdDxt/postgres,readonly_user=r/postgres}          |
+-------------+--------------------+---------------------------------------------------------------+
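
Matching ACL text with LIKE '%postgres%' also matches any role whose name merely contains that string, and a NULL ACL hides the built-in default privileges. The following added example (not from the original article) expands table ACLs with aclexplode() and fills NULL ACLs with acldefault(), showing the entries for PUBLIC and for the page's sample role readonly_user.

```sql
-- Added example: one row per (object, grantee, privilege) instead of raw ACL text.
-- 'readonly_user' is the sample role used on this page; change it as needed.
SELECT
    n.nspname                      AS schema,
    c.relname                      AS object_name,
    c.relkind                      AS type,
    COALESCE(g.rolname, 'PUBLIC')  AS grantee,          -- grantee OID 0 means PUBLIC
    gr.rolname                     AS grantor,
    a.privilege_type,
    a.is_grantable,                                     -- '*' after the letter in ACL text
    (c.relacl IS NULL)             AS from_default_acl  -- true: no explicit GRANT/REVOKE yet
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
-- A NULL relacl means "built-in defaults"; acldefault('r', owner) materialises
-- those defaults for tables and table-like objects.
CROSS JOIN LATERAL aclexplode(
    COALESCE(c.relacl, acldefault('r', c.relowner))
) AS a
LEFT JOIN pg_roles g  ON g.oid  = a.grantee
LEFT JOIN pg_roles gr ON gr.oid = a.grantor
WHERE c.relkind IN ('r', 'v', 'm')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  -- Exact match on the role, plus anything everyone gets through PUBLIC
  AND (a.grantee = 0 OR g.rolname = 'readonly_user')
ORDER BY n.nspname, c.relname, a.grantee, a.privilege_type;
```

This lists only privileges granted directly to the role or to PUBLIC; privileges reaching the role through membership in other roles are not included.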

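10. Check privileges with built-in functions

PostgreSQL provides functions such as has_table_privilege() to check for specific privileges:

-- Check a user's privileges on a specific table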
SELECT 
    has_table_privilege('your_username', 'schema_name.table_name', 'SELECT') AS can_select,
    has_table_privilege('your_username', 'schema_name.table_name', 'INSERT') AS can_insert,
    has_table_privilege('your_username', 'schema_name.table_name', 'UPDATE') AS can_update,
    has_table_privilege('your_username', 'schema_name.table_name', 'DELETE') AS can_delete;
SELECT 
    has_table_privilege('readonly_user', 'public.t1', 'SELECT') AS can_select,
    has_table_privilege('readonly_user', 'public.t1', 'INSERT') AS can_insert,
    has_table_privilege('readonly_user', 'public.t1', 'UPDATE') AS can_update,
    has_table_privilege('readonly_user', 'public.t1', 'DELETE') AS can_delete;
 can_select | can_insert | can_update | can_delete 
------------+------------+------------+------------
 t          | f          | f          | f
(1 row)

Practical tips

View the current user's privileges

-- View the current user's privileges on all tables
SELECT * FROM information_schema.table_privileges;
  • Privilege codes
    • r = SELECT (“read”)
    • w = UPDATE (“write”)
    • a = INSERT (“append”)
    • d = DELETE
    • D = TRUNCATE
    • x = REFERENCES
    • t = TRIGGER
    • X = EXECUTE
    • U = USAGE
    • C = CREATE
    • c = CONNECT
    • T = TEMPORARY
  • Quickly check whether a user has a given privilege
SELECT has_database_privilege('username', 'databasename', 'connect');
SELECT has_schema_privilege('username', 'schemaname', 'usage');
SELECT has_table_privilege('username', 'tablename', 'select');
   SELECT has_database_privilege('readonly_user', 'test_db', 'connect');
 has_database_privilege 
------------------------
 t
(1 row)
test_db=# SELECT has_schema_privilege('readonly_user', 'public', 'usage');
 has_schema_privilege 
----------------------
 t
(1 row)
test_db=# SELECT has_table_privilege('readonly_user', 't1', 'select');
 has_table_privilege 
---------------------
 t
(1 row)
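
The single-object checks above extend to a whole-database sweep. This added example (not part of the original article) lists every table, view or materialized view in the current database on which the sample role readonly_user holds any write privilege, including column-level grants and privileges obtained through PUBLIC or role membership.

```sql
-- Added example: objects a supposedly read-only role can still modify.
-- 'readonly_user' is the sample role from this page; change it as needed.
SELECT
    n.nspname AS schema,
    c.relname AS table_name,
    c.relkind AS type,
    has_table_privilege('readonly_user', c.oid, 'INSERT')   AS can_insert,
    has_table_privilege('readonly_user', c.oid, 'UPDATE')   AS can_update,
    has_table_privilege('readonly_user', c.oid, 'DELETE')   AS can_delete,
    has_table_privilege('readonly_user', c.oid, 'TRUNCATE') AS can_truncate,
    -- True when the privilege is held on the table or on at least one column
    has_any_column_privilege('readonly_user', c.oid, 'INSERT, UPDATE')
                                                            AS any_column_write,
    has_schema_privilege('readonly_user', n.oid, 'CREATE')  AS can_create_in_schema
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'v', 'm')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  -- Without USAGE on the schema the table privileges cannot be exercised
  AND has_schema_privilege('readonly_user', n.oid, 'USAGE')
  AND (
        -- A comma-separated list is true if ANY listed privilege is held
        has_table_privilege('readonly_user', c.oid,
                            'INSERT, UPDATE, DELETE, TRUNCATE')
        OR has_any_column_privilege('readonly_user', c.oid, 'INSERT, UPDATE')
      )
ORDER BY n.nspname, c.relname;
```

An empty result is the expected outcome for a read-only account; any row returned identifies a grant to review.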

With these queries you can get a complete picture of user privileges in PostgreSQL, which supports privilege auditing and security management.
