// 查看當(dāng)前schema的所有者，相當(dāng)于\du元命令
SELECT n.nspname AS "Name",
 pg_catalog.pg_get_userbyid(n.nspowner) AS "Owner"
FROM pg_catalog.pg_namespace n
WHERE n.nspname !~ '^pg_' AND n.nspname <> 'information_schema'
ORDER BY 1; 

// 最后一條命令就是授予初始權(quán)限
grant select on all tables in schema abc to test;
grant usage on schema abc to test;
alter default privileges in schema abc grant select on tables to test;

// 查看初始權(quán)限
select * from pg_catalog.pg_default_acl;

// 查看初始權(quán)限
SELECT pg_catalog.pg_get_userbyid(d.defaclrole) AS "Granter",
 n.nspname AS "Schema",
 CASE d.defaclobjtype WHEN 'r' THEN 'table' WHEN 'S' THEN 'sequence' WHEN 'f' THEN 'function' WHEN 'T' THEN 'type' END AS "Type",
 pg_catalog.array_to_string(d.defaclacl, E', ') AS "Access privileges"
FROM pg_catalog.pg_default_acl d
LEFT JOIN pg_catalog.pg_namespace n ON n.oid = d.defaclnamespace
ORDER BY 1, 2, 3;

// 修改模式“abc”擁有者為：dbadmin
ALTER SCHEMA abc OWNER TO "dbadmin";
// 查看模式的擁有者，相當(dāng)于\du元命令
SELECT n.nspname AS "Name",
 pg_catalog.pg_get_userbyid(n.nspowner) AS "Owner"
FROM pg_catalog.pg_namespace n
WHERE n.nspname !~ '^pg_' AND n.nspname <> 'information_schema'
ORDER BY 1;

alter default privileges in schema abc grant select on tables to test;

配置文件:  postgresql.conf
登錄權(quán)限控制文件: pg_hba.conf
數(shù) 據(jù) 目 錄 ： base
運(yùn)行日志目錄： log
歸檔日志目錄： pg_wal

[root@postgrssql ~]# vim /var/lib/pgsql/11/data/postgresql.conf
listen_addresses = 'localhost,172.18.1.76'

[root@postgrssql ~]# vim /var/lib/pgsql/11/data/postgresql.conf
port = 5432

[root@postgrssql ~]# vim /var/lib/pgsql/11/data/postgresql.conf
max_connections = 100

# 是否開(kāi)啟 archive_log日志功能
archive_mode = on
# 歸檔 archive_log日志要執(zhí)行的命令，當(dāng)前不準(zhǔn)備歸檔就執(zhí)行 cd命令
archive_command = 'cd .' 
[root@postgrssql ~]# ll -sh /var/lib/pgsql/11/data/pg_wal
total 16M
M -rw------- 1 postgres postgres 16M Nov 23 20:47 000000010000000000000001
 0 drwx------ 2 postgres postgres 6 Nov 22 15:21 archive_status

[root@postgrssql ~]# sed -i '80d' /var/lib/pgsql/11/data/pg_hba.conf
[root@postgrssql ~]# sed -i '79a local all  postgres  peer' /var/lib/pgsql/11/data/pg_hba.conf

# 創(chuàng)建 olda 用戶(hù)
postgres=# create user olda with password '123456';
CREATE ROLE
# 查看所有用戶(hù)
postgres=# \du
     List of roles
 Role name |    Attributes    | Member of 
-----------+------------------------------------------------------------+-----------
 olda |        | {}
 postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}

# 切換到 course 數(shù)據(jù)庫(kù)
postgres=# \c course
You are now connected to database "course" as user "postgres".
# 在 course 數(shù)據(jù)庫(kù)授權(quán)所有表的所有權(quán)限到 olda用戶(hù)
course=# grant all on all tables in schema public to olda;
GRANT
# 查看 course 數(shù)據(jù)庫(kù)所有表的權(quán)限表信息
course=# \dp+
     Access privileges
 Schema | Name | Type | Access privileges | Column privileges | Policies 
--------+----------+-------+---------------------------+-------------------+----------
 public | students | table | postgres=arwdDxt/postgres+|   | 
 |  | | olda=arwdDxt/postgres |   | 
(1 row)

[root@postgrssql ~]# vim /var/lib/pgsql/11/data/pg_hba.conf
# "local" is for Unix domain socket connections only
local all  postgres    peer
local all  olda  0.0.0.0/0  md5
# 重載 PostgreSQL
systemctl reload postgresql-11.service
# 測(cè)試 olda用戶(hù)連接 PgSQL的 course庫(kù)
-bash-4.2$ psql -U olda -W course
Password: 
psql (11.6)
Type "help" for help.
course=> \l
     List of databases
 Name | Owner | Encoding | Collate | Ctype | Access privileges 
-----------+----------+----------+-------------+-------------+-----------------------
 course | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | 
 postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | 
 template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres  +
  |  |  |  |  | postgres=CTc/postgres
 template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres  +
  |  |  |  |  | postgres=CTc/postgres
(4 rows)

postgres=# alter default privileges for role postgres grant all on tables to olda;
ALTER DEFAULT PRIVILEGES

默認(rèn)在pg_hba.conf文件中加入密碼驗(yàn)證方式還是不可以遠(yuǎn)程訪(fǎng)問(wèn)，因?yàn)槭?local方式。
加入 olda用戶(hù)，host方式，所有來(lái)源IP都可以登錄所有庫(kù)，登錄密碼驗(yàn)證方式為md5
-bash-4.2$ psql -U olda -W -h 172.18.1.76 -p 5432 course
Password: 
psql: FATAL: no pg_hba.conf entry for host "172.18.1.76", user "olda", database "course", SSL off
[root@postgrssql ~]# vim /var/lib/pgsql/11/data/pg_hba.conf
# "local" is for Unix domain socket connections only
local all  postgres    peer
local all  olda     md5
host all  olda  0.0.0.0/0  md5
# 重載 PostgreSQL
[root@postgrssql ~]# systemctl reload postgresql-11.service
# 測(cè)試是否可以遠(yuǎn)程連接到 PostgreSQL
-bash-4.2$ psql -U olda -W -h 172.18.1.76 -p 5432 course
Password: 
psql (11.6)
Type "help" for help.
course=>