Greenplum (PostgreSQL-based big-data database): commands for configuring and creating a read-only user

  1. Locate the installation directory and log in
find  / -name 'psql'
find / -name 'gpinitsystem_config'
cd /usr/local/greenplum-db-6.25.2/bin
./psql -d postgres -h mdw -p 5432 -U gpadmin

List all databases

\list

Switch database

\c postgres gpadmin

View user privileges

\du

  1. Create a user named readonly with the password readonly
postgres=# CREATE USER readonly WITH ENCRYPTED PASSWORD 'readonly';
NOTICE:  resource queue required -- using default resource queue "pg_default"
CREATE ROLE
  1. Make the user's transactions read-only
postgres=# alter user readonly set default_transaction_read_only=on;
ALTER ROLE
Notes on default_transaction_read_only:
With default_transaction_read_only set to on, transactions start as read-only by default.
-- Current user: readonly, database: test, default_transaction_read_only: on
-- Every session that connects as user readonly automatically enters the default read-only transaction mode.
test=> \c
You are now connected to database "test" as user "readonly".
test=> show default_transaction_read_only ;
 default_transaction_read_only
-------------------------------
 on
(1 row)
-- Creating table t1 fails because the session is in read-only mode
test=> create table t1 (id int);
ERROR:  transaction is read-only
-- Switch to the superuser
test=> \c postgres gpadmin
You are now connected to database "postgres" as user "gpadmin".
-- Turn default_transaction_read_only off
postgres=# alter user readonly set default_transaction_read_only=off;
ALTER ROLE
postgres=> show default_transaction_read_only ;
 default_transaction_read_only
-------------------------------
 off
-- Log in to the test database as the readonly user
postgres=# \c test readonly
Password for user readonly: 
You are now connected to database "test" as user "readonly".
-- Creating table t1 now succeeds
test=> create table t1 (id int);
NOTICE:  Table doesn't have 'DISTRIBUTED BY' clause -- Using column named 'id' as the Greenplum Database data distribution key for this table.
HINT:  The 'DISTRIBUTED BY' clause determines the distribution of data. Make sure column(s) chosen are the optimal data distribution key to minimize skew.
CREATE TABLE
test=> select count(*) from t1;
 count
-------
     0
(1 row)
A user can get around this with begin transaction read write, because default_transaction_read_only only sets the default mode of new transactions. (Not needed)
-- Test begin transaction read write
test=> \c postgres gpadmin
You are now connected to database "postgres" as user "gpadmin".
-- Switch default_transaction_read_only back to on
postgres=# alter user readonly set default_transaction_read_only=on;
ALTER ROLE
postgres=# \c test readonly 
Password for user readonly: 
You are now connected to database "test" as user "readonly".
test=> begin transaction read write;
BEGIN
test=>  create table t1 (id int);
NOTICE:  Table doesn't have 'DISTRIBUTED BY' clause -- Using column named 'id' as the Greenplum Database data distribution key for this table.
HINT:  The 'DISTRIBUTED BY' clause determines the distribution of data. Make sure column(s) chosen are the optimal data distribution key to minimize skew.
CREATE TABLE
test=> select count(*) from public.t_role_info;
 count
-------
     0
(1 row)
-- End the transaction (end is a synonym for commit)
test=> end;
COMMIT
-- A new transaction is read-only again by default
test=> create table t1 (id int);
ERROR:  transaction is read-only
  1. Grant readonly the USAGE privilege on schema public (in every database)
postgres=# GRANT USAGE ON SCHEMA public to readonly;
GRANT
  1. Grant the SELECT privilege (the following must be configured in each target database)
    – Connect to the database to be authorized, then grant
postgres=> \c postgres gpadmin
grant select on all tables in schema public to readonly;
test => \c test readonly
Password for user readonly: 
test => \c
You are now connected to database "test" as user "readonly".
test => grant select on all tables in schema public to readonly;
GRANT
test=> select count(*) from  public.t_role_info;
 count
--------
 149491
  1. Configure client access for the user
    Edit pg_hba.conf and add an access rule for the user, specifying which IP addresses may connect
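
The session above shows that default_transaction_read_only can be overridden with begin transaction read write, so the read-only guarantee has to come from privileges. The script below is an added example, not part of the original post: it reuses the database test, role readonly and schema public from the walkthrough, assumes it is run as gpadmin while connected to test, and uses a constructed client subnet (192.0.2.0/24) in the pg_hba.conf comment.

```sql
-- Added example. Run as gpadmin while connected to the target database:
--   \c test gpadmin

-- 1. Remove the default right of every role to create objects in schema public.
--    That default is why "create table t1" succeeded once the transaction was
--    read write. Roles that legitimately create tables there then need an
--    explicit GRANT CREATE ON SCHEMA public.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 2. Grant only what a reader needs.
GRANT CONNECT ON DATABASE test TO readonly;
GRANT USAGE ON SCHEMA public TO readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;

-- 3. Cover tables created later. Default privileges apply only to objects
--    created by the role named in FOR ROLE (gpadmin is assumed to be the
--    table owner here); repeat for every other owning role.
ALTER DEFAULT PRIVILEGES FOR ROLE gpadmin IN SCHEMA public
    GRANT SELECT ON TABLES TO readonly;

-- 4. Keep the read-only default as a convenience, not as the control.
ALTER ROLE readonly SET default_transaction_read_only = on;

-- 5. Verify the schema and database privileges; can_create must be f.
SELECT has_schema_privilege('readonly', 'public', 'CREATE')   AS can_create,
       has_schema_privilege('readonly', 'public', 'USAGE')    AS can_use,
       has_database_privilege('readonly', 'test', 'CONNECT')  AS can_connect;

-- 6. List tables in public on which readonly holds any write privilege.
--    Expect zero rows. A table created by readonly during testing (such as
--    t1 above) is owned by it and will show up here until it is dropped or
--    its ownership is changed.
SELECT c.relname
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND has_table_privilege('readonly', c.oid, 'INSERT, UPDATE, DELETE, TRUNCATE');

-- 7. pg_hba.conf entry on the master limiting where readonly may connect from
--    (constructed subnet), followed by a configuration reload with: gpstop -u
--    host  test  readonly  192.0.2.0/24  md5
```

Steps 1 to 6 are per database, so repeat them in each database the reader account should reach.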
