
PostgreSQL: how to modify user privileges, and using the hook mechanism to restrict superuser privileges

Published: 2025/3/20

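To modify user privileges in PG, you first need to understand how PG controls privileges.

PG's privilege control is applied per object. If you look at the system catalogs (under pg_catalog), almost all of them have a **acl column of type aclitem[] (datacl, for example); this column is where the privileges are recorded.

The notation used in these columns is as follows: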

    rolename=xxxx -- privileges granted to a role
            =xxxx -- privileges granted to PUBLIC

                r -- SELECT ("read")
                w -- UPDATE ("write")
                a -- INSERT ("append")
                d -- DELETE
                D -- TRUNCATE
                x -- REFERENCES
                t -- TRIGGER
                X -- EXECUTE
                U -- USAGE
                C -- CREATE
                c -- CONNECT
                T -- TEMPORARY
          arwdDxt -- ALL PRIVILEGES (for tables, varies for other objects)
                * -- grant option for preceding privilege

            /yyyy -- role that granted this privilege

There is a very important struct here:

    typedef struct AclItem
    {
        Oid         ai_grantee;     /* ID that this item grants privs to */
        Oid         ai_grantor;     /* grantor of privs */
        AclMode     ai_privs;       /* privilege bits */
    } AclItem;

    typedef uint32 AclMode;

The source comment explains AclMode like this:

    /*
     * The upper 16 bits of the ai_privs field of an AclItem are the grant option
     * bits, and the lower 16 bits are the actual privileges.  We use "rights"
     * to mean the combined grant option and privilege bits fields.
     */

The upper 16 bits store the grant options, and the lower 16 bits store whether each individual privilege has been granted.

The lower 16 bits:

The lower 16 bits are easy to understand: each bit stands for one privilege. The following macro definitions show the layout:

    #define ACL_INSERT      (1<<0)  /* for relations */
    #define ACL_SELECT      (1<<1)
    #define ACL_UPDATE      (1<<2)
    #define ACL_DELETE      (1<<3)
    #define ACL_TRUNCATE    (1<<4)
    #define ACL_REFERENCES  (1<<5)
    #define ACL_TRIGGER     (1<<6)
    #define ACL_EXECUTE     (1<<7)  /* for functions */
    #define ACL_USAGE       (1<<8)  /* for languages, namespaces, FDWs, and
                                     * servers */
    #define ACL_CREATE      (1<<9)  /* for namespaces and databases */
    #define ACL_CREATE_TEMP (1<<10) /* for databases */
    #define ACL_CONNECT     (1<<11) /* for databases */
    #define N_ACL_RIGHTS    12      /* 1 plus the last 1<<x */
    #define ACL_NO_RIGHTS   0
    /* Currently, SELECT ... FOR [KEY] UPDATE/SHARE requires UPDATE privileges */
    #define ACL_SELECT_FOR_UPDATE   ACL_UPDATE

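Each of the lower 16 bits therefore says whether the corresponding privilege above is held. The names make clear which privilege each one is.

The upper 16 bits store, for each privilege, the option to grant it on or to have it re-granted. In effect this is the state of the previous grant. I only found operations on the upper 16 bits in grant and revoke, and also where privileges are read in, where * is handled. In both places the usage is to store the lower 16 bits of the previous grant into the upper 16 bits.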

    #define ACL_INSERT_CHR          'a'     /* formerly known as "append" */
    #define ACL_SELECT_CHR          'r'     /* formerly known as "read" */
    #define ACL_UPDATE_CHR          'w'     /* formerly known as "write" */
    #define ACL_DELETE_CHR          'd'
    #define ACL_TRUNCATE_CHR        'D'     /* super-delete, as it were */
    #define ACL_REFERENCES_CHR      'x'
    #define ACL_TRIGGER_CHR         't'
    #define ACL_EXECUTE_CHR         'X'
    #define ACL_USAGE_CHR           'U'
    #define ACL_CREATE_CHR          'C'
    #define ACL_CREATE_TEMP_CHR     'T'
    #define ACL_CONNECT_CHR         'c'

These macros define the character that corresponds to each privilege. This is the information we so often see stored in the **acl columns.

Now let us use an example of granting privileges on a database to explain what a **acl column stores:

    create user ff createdb;
    \c test ff
    create database tain;
    select * from pg_database where datname = 'tain';
     datname | datdba | encoding | datcollate  |  datctype   | datistemplate | datallowconn | datconnlimit | datlastsysoid | datfrozenxid | datminmxid | dattablespace | datacl
    ---------+--------+----------+-------------+-------------+---------------+--------------+--------------+---------------+--------------+------------+---------------+--------
     tain    |  16438 |        6 | en_US.UTF-8 | en_US.UTF-8 | f             | t            |           -1 |         12917 |         1674 |          1 |          1663 |
    (5 rows)

    grant all on database tain to ss;
    select * from pg_database where datname = 'tain';
     datname | datdba | encoding | datcollate  |  datctype   | datistemplate | datallowconn | datconnlimit | datlastsysoid | datfrozenxid | datminmxid | dattablespace | datacl
    ---------+--------+----------+-------------+-------------+---------------+--------------+--------------+---------------+--------------+------------+---------------+------------------------------
     tain    |  16438 |        6 | en_US.UTF-8 | en_US.UTF-8 | f             | t            |           -1 |         12917 |         1674 |          1 |          1663 | {=Tc/ff,ff=CTc/ff,ss=CTc/ff}
    (5 rows)

    \c postgres postgres
    alter database tain owner to postgres;
    select * from pg_database where datname = 'tain';
     datname | datdba | encoding | datcollate  |  datctype   | datistemplate | datallowconn | datconnlimit | datlastsysoid | datfrozenxid | datminmxid | dattablespace | datacl
    ---------+--------+----------+-------------+-------------+---------------+--------------+--------------+---------------+--------------+------------+---------------+------------------------------------------------------
     tain    |     10 |        6 | en_US.UTF-8 | en_US.UTF-8 | f             | t            |           -1 |         12917 |         1674 |          1 |          1663 | {=Tc/postgres,postgres=CTc/postgres,ss=CTc/postgres}
    (5 rows)

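The session above shows three situations:

1. After the database is created, datacl is empty by default.
2. After privileges are granted to a user, both the default privileges and the granted ones are written into the datacl column.
   The name before = is the user receiving the grant, the name after / is the user the database belongs to, and the letters before / are the privileges the grantee holds on it.
3. The privileges after the owner of the database has been changed.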
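To tie the letters in datacl back to the AclMode bits, here is an added example (not PostgreSQL source code and not from the original article) that parses one aclitem string into grantee, grantor and a 32-bit mode with privileges in the lower 16 bits and grant options in the upper 16. The names parse_aclitem, PRIVS, GOPTIONS and ACL_CHARS are hypothetical, and the parser assumes plain unquoted role names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t AclMode;   /* low 16 bits: privileges, high 16 bits: grant options */
#define PRIVS(m)    ((m) & 0xFFFF)
#define GOPTIONS(m) (((m) >> 16) & 0xFFFF)
/* Privilege letters in bit order of the ACL_* macros: bit 0 = 'a' (INSERT) ... bit 11 = 'c'. */
static const char ACL_CHARS[] = "arwdDxtXUCTc";

/* Parse one aclitem such as "ss=CTc/ff"; an empty grantee means PUBLIC.
 * Assumes plain unquoted role names. Returns 0 on success, -1 if malformed. */
int parse_aclitem(const char *s, char *grantee, char *grantor, size_t n, AclMode *mode)
{
    const char *eq = strchr(s, '=');
    const char *slash = eq ? strchr(eq, '/') : NULL;
    AclMode m = 0, last = 0;
    if (!eq || !slash || (size_t)(eq - s) >= n || strlen(slash + 1) >= n)
        return -1;
    memcpy(grantee, s, (size_t)(eq - s));
    grantee[eq - s] = '\0';
    strcpy(grantor, slash + 1);
    for (const char *p = eq + 1; p < slash; p++) {
        if (*p == '*') {                 /* grant option for the preceding privilege */
            if (!last) return -1;
            m |= last << 16;
            continue;
        }
        const char *hit = strchr(ACL_CHARS, *p);
        if (!hit) return -1;             /* unknown privilege letter */
        last = (AclMode)1 << (hit - ACL_CHARS);
        m |= last;
    }
    *mode = m;
    return 0;
}

int main(void)
{
    const char *items[] = { "=Tc/ff", "ff=CTc/ff", "ss=CTc/ff" }; /* from the datacl above */
    char ge[64], gr[64];
    AclMode m;
    for (int i = 0; i < 3; i++)
        if (parse_aclitem(items[i], ge, gr, sizeof ge, &m) == 0)
            printf("%-10s grantee=%-6s grantor=%-3s privs=0x%04x gopts=0x%04x\n", items[i],
                   *ge ? ge : "PUBLIC", gr, (unsigned)PRIVS(m), (unsigned)GOPTIONS(m));
    return 0;
}
```

For ss=CTc/ff the privilege bits come out as 0x0e00, that is ACL_CREATE | ACL_CREATE_TEMP | ACL_CONNECT, with no grant option bits set.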

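Having covered privileges, let us turn to users.

PG users fall into two classes: 1. superusers, 2. ordinary users.

Why distinguish these two classes?
1. The privileges of an ordinary user can be changed directly with commands: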

    postgres=# \help grant
    Command:     GRANT
    Description: define access privileges
    Syntax:
    GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
        [, ...] | ALL [ PRIVILEGES ] }
        ON { [ TABLE ] table_name [, ...]
             | ALL TABLES IN SCHEMA schema_name [, ...] }
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT { { SELECT | INSERT | UPDATE | REFERENCES } ( column_name [, ...] )
        [, ...] | ALL [ PRIVILEGES ] ( column_name [, ...] ) }
        ON [ TABLE ] table_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT { { USAGE | SELECT | UPDATE }
        [, ...] | ALL [ PRIVILEGES ] }
        ON { SEQUENCE sequence_name [, ...]
             | ALL SEQUENCES IN SCHEMA schema_name [, ...] }
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT { { CREATE | CONNECT | TEMPORARY | TEMP } [, ...] | ALL [ PRIVILEGES ] }
        ON DATABASE database_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT { USAGE | ALL [ PRIVILEGES ] }
        ON DOMAIN domain_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT { USAGE | ALL [ PRIVILEGES ] }
        ON FOREIGN DATA WRAPPER fdw_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT { USAGE | ALL [ PRIVILEGES ] }
        ON FOREIGN SERVER server_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT { EXECUTE | ALL [ PRIVILEGES ] }
        ON { FUNCTION function_name ( [ [ argmode ] [ arg_name ] arg_type [, ...] ] ) [, ...]
             | ALL FUNCTIONS IN SCHEMA schema_name [, ...] }
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT { USAGE | ALL [ PRIVILEGES ] }
        ON LANGUAGE lang_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT { { SELECT | UPDATE } [, ...] | ALL [ PRIVILEGES ] }
        ON LARGE OBJECT loid [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT { { CREATE | USAGE } [, ...] | ALL [ PRIVILEGES ] }
        ON SCHEMA schema_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT { CREATE | ALL [ PRIVILEGES ] }
        ON TABLESPACE tablespace_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT { USAGE | ALL [ PRIVILEGES ] }
        ON TYPE type_name [, ...]
        TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

    GRANT role_name [, ...] TO role_name [, ...] [ WITH ADMIN OPTION ]

    \help revoke
    Command:     REVOKE
    Description: remove access privileges
    Syntax:
    REVOKE [ GRANT OPTION FOR ]
        { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
        [, ...] | ALL [ PRIVILEGES ] }
        ON { [ TABLE ] table_name [, ...]
             | ALL TABLES IN SCHEMA schema_name [, ...] }
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ GRANT OPTION FOR ]
        { { SELECT | INSERT | UPDATE | REFERENCES } ( column_name [, ...] )
        [, ...] | ALL [ PRIVILEGES ] ( column_name [, ...] ) }
        ON [ TABLE ] table_name [, ...]
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ GRANT OPTION FOR ]
        { { USAGE | SELECT | UPDATE }
        [, ...] | ALL [ PRIVILEGES ] }
        ON { SEQUENCE sequence_name [, ...]
             | ALL SEQUENCES IN SCHEMA schema_name [, ...] }
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ GRANT OPTION FOR ]
        { { CREATE | CONNECT | TEMPORARY | TEMP } [, ...] | ALL [ PRIVILEGES ] }
        ON DATABASE database_name [, ...]
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ GRANT OPTION FOR ]
        { USAGE | ALL [ PRIVILEGES ] }
        ON DOMAIN domain_name [, ...]
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ GRANT OPTION FOR ]
        { USAGE | ALL [ PRIVILEGES ] }
        ON FOREIGN DATA WRAPPER fdw_name [, ...]
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ GRANT OPTION FOR ]
        { USAGE | ALL [ PRIVILEGES ] }
        ON FOREIGN SERVER server_name [, ...]
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ GRANT OPTION FOR ]
        { EXECUTE | ALL [ PRIVILEGES ] }
        ON { FUNCTION function_name ( [ [ argmode ] [ arg_name ] arg_type [, ...] ] ) [, ...]
             | ALL FUNCTIONS IN SCHEMA schema_name [, ...] }
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ GRANT OPTION FOR ]
        { USAGE | ALL [ PRIVILEGES ] }
        ON LANGUAGE lang_name [, ...]
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ GRANT OPTION FOR ]
        { { SELECT | UPDATE } [, ...] | ALL [ PRIVILEGES ] }
        ON LARGE OBJECT loid [, ...]
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ GRANT OPTION FOR ]
        { { CREATE | USAGE } [, ...] | ALL [ PRIVILEGES ] }
        ON SCHEMA schema_name [, ...]
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ GRANT OPTION FOR ]
        { CREATE | ALL [ PRIVILEGES ] }
        ON TABLESPACE tablespace_name [, ...]
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ GRANT OPTION FOR ]
        { USAGE | ALL [ PRIVILEGES ] }
        ON TYPE type_name [, ...]
        FROM { [ GROUP ] role_name | PUBLIC } [, ...]
        [ CASCADE | RESTRICT ]

    REVOKE [ ADMIN OPTION FOR ]
        role_name [, ...] FROM role_name [, ...]
        [ CASCADE | RESTRICT ]

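That is how the privileges of ordinary users are modified.

2. For a superuser, these privilege changes have no effect.

For a superuser, every operation is allowed once the following check passes:

    bool
    superuser(void)
    {
        return superuser_arg(GetUserId());
    }

    Oid
    GetUserId(void)
    {
        AssertState(OidIsValid(CurrentUserId));
        return CurrentUserId;
    }

As soon as the user is found to be a superuser, the operation goes ahead. A superuser's privileges are very broad, so superuser accounts should be used with caution. In addition, the default PG user postgres is a superuser and cannot be dropped.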

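So you may well need to change what a superuser is allowed to do. How? The superuser has to be restricted by writing code, and this is where PostgreSQL's hook mechanism comes in.

A hook can modify or interrupt a user's operation.

Below is a list of commonly used hooks. With them you can change the corresponding database processing without modifying the PG source directly; you only need to add an extension module.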

Hook                      | Initial version | Description
check_password_hook       | 9.0             | Called when a user's password is processed; can be used to restrict passwords and enforce password rules.
ClientAuthentication_hook | 9.1             | Called when a connection is processed; can be used to manage connections.
ExecutorStart_hook        | 8.4             | Called when query execution starts.
ExecutorRun_hook          | 8.4             | Called while a query is being executed.
ExecutorFinish_hook       | 8.4             | Called when a query finishes.
ExecutorEnd_hook          | 8.4             | Called after a query has completed.
ExecutorCheckPerms_hook   | 9.1             | Called when access privileges are processed.
ProcessUtility_hook       | 9.0             | General-purpose hook that can handle many kinds of processing.

The following are also hooks, but they are used less often:

Hook                        | Used by            | Initial version | Description
explain_get_index_name_hook |                    | 8.3             | Called when an index name is looked up.
ExplainOneQuery_hook        | IndexAdvisor       | 8.3             |
fmgr_hook                   | sepgsql            | 9.1             | Called before a function call.
get_attavgwidth_hook        |                    | 8.4             |
get_index_stats_hook        |                    | 8.4             |
get_relation_info_hook      | plantuner          | 8.3             | Called when information about a database object is fetched.
get_relation_stats_hook     |                    | 8.4             |
join_search_hook            | saio               | 8.3             |
needs_fmgr_hook             | sepgsql            | 9.1             |
object_access_hook          | sepgsql            | 9.1             |
planner_hook                | planinstr          | 8.3             | Called before the planner starts; can change some of the behaviour of query planning.
shmem_startup_hook          | pg_stat_statements | 8.4             | Called when shared memory is initialized.

How a hook works: each hook is a global function pointer. The server initializes it to NULL at startup. When the database reaches the point where the hook applies, it first checks whether the pointer is NULL; if it is not, the hook function is called in preference, otherwise the standard function is executed.

Setting the function pointer: when the database loads a shared library, it first loads it into memory and then calls a function named _PG_init. This function is available in most shared libraries, so we can use it to install our own hook.

Unsetting the function pointer: when the database needs to unload the shared library, it calls _PG_fini(). There we can set the function pointer back to NULL, which removes the hook.

Now a hands-on example.

Goal: the superuser sure must not be able to access any table.

1. Create the directory acl_super under contrib.

    [root@localhost contrib]# mkdir acl_super;
    [root@localhost contrib]#

2. Create the C file:

    /*
     * acl_super.c
     * The superuser "sure" has no permission to operate on
     * ordinary tables.
     */
    #include "postgres.h"
    #include "miscadmin.h"
    #include "nodes/parsenodes.h"
    #include "nodes/pg_list.h"
    #include "catalog/pg_class.h"
    #include "executor/executor.h"

    PG_MODULE_MAGIC;

    void _PG_init(void);
    void _PG_fini(void);

    static ExecutorCheckPerms_hook_type prev_ExecutorCheckPerms_hook = NULL;

    /* The hook type returns bool: true means the access is allowed. */
    static bool myExecCheckRTPerms(List *rangeTable, bool ereport_on_violation);

    /*
     * Stop the superuser "sure" from operating on ordinary tables.
     */
    static bool
    myExecCheckRTPerms(List *rangeTable, bool ereport_on_violation)
    {
        ListCell   *l;
        Oid         cuser = InvalidOid;
        char       *cusername = NULL;

        cuser = GetSessionUserId();
        cusername = GetUserNameFromId(cuser);

        if (strcmp("sure", cusername) == 0)
        {
            foreach(l, rangeTable)
            {
                RangeTblEntry *rte = (RangeTblEntry *) lfirst(l);

                /* Ordinary table: refuse access. */
                if (rte->relkind == RELKIND_RELATION)
                    ereport(ERROR,
                            (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                             errmsg("permission denied to table")));
            }
        }

        /* Chain to a previously installed hook, if there is one. */
        if (prev_ExecutorCheckPerms_hook)
            return prev_ExecutorCheckPerms_hook(rangeTable, ereport_on_violation);
        return true;
    }

    /*
     * _PG_init
     * Install the hook.
     */
    void
    _PG_init(void)
    {
        prev_ExecutorCheckPerms_hook = ExecutorCheckPerms_hook;
        ExecutorCheckPerms_hook = myExecCheckRTPerms;
    }

    /*
     * _PG_fini
     * Uninstall the hook.
     */
    void
    _PG_fini(void)
    {
        ExecutorCheckPerms_hook = prev_ExecutorCheckPerms_hook;
    }

3. Create the Makefile:

    # contrib/acl_super/Makefile

    MODULES = acl_super
    OBJS = acl_super.so

    ifdef USE_PGXS
    PG_CONFIG = pg_config
    PGXS := $(shell $(PG_CONFIG) --pgxs)
    include $(PGXS)
    else
    subdir = contrib/acl_super
    top_builddir = ../..
    include $(top_builddir)/src/Makefile.global
    include $(top_srcdir)/contrib/contrib-global.mk
    endif

The directory now contains these files:

    [root@localhost acl_super]# ls
    acl_super.c  Makefile
    [root@localhost acl_super]#

4. Build and install:

    [root@localhost acl_super]# make
    gcc -O2 -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wendif-labels -Wmissing-format-attribute -Wformat-security -fno-strict-aliasing -fwrapv -fpic -I. -I. -I../../src/include -D_GNU_SOURCE -c -o acl_super.o acl_super.c
    gcc -O2 -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wendif-labels -Wmissing-format-attribute -Wformat-security -fno-strict-aliasing -fwrapv -fpic -L../../src/port -L../../src/common -Wl,-rpath,'/opt/pgdbdevel/lib',--enable-new-dtags -shared -o acl_super.so acl_super.o
    [root@localhost acl_super]# make install
    /bin/mkdir -p '/opt/pgdbdevel/lib/postgresql'
    /usr/bin/install -c -m 755 acl_super.so '/opt/pgdbdevel/lib/postgresql/'
    [root@localhost acl_super]#

5. Configuration file:

Change shared_preload_libraries in postgresql.conf under the data directory.

Original:

    #shared_preload_libraries = ''          # (change requires restart)

Change it to:

    shared_preload_libraries = 'acl_super'  # (change requires restart)

6. Restart the database service:

    [postgres@localhost bin]$ ./pg_ctl -D ../data restart
    waiting for server to shut down....LOG: received smart shutdown request
    LOG: autovacuum launcher shutting down
    LOG: shutting down
    LOG: database system is shut down
    done
    server stopped
    server starting
    [postgres@localhost bin]$ LOG: database system was shut down at 2014-09-12 00:21:22 PDT
    LOG: autovacuum launcher started
    LOG: database system is ready to accept connections

    [postgres@localhost bin]$ ./psql
    psql (9.5devel)
    Type "help" for help.

    postgres=#

7. Result:

    postgres=# create table sure_test(s1 int);
    insert into sure_test values (1),(2),(3);
    select * from sure_test;
     s1
    ----
      1
      2
      3
    (3 rows)

    \c postgres sure
    You are now connected to database "postgres" as user "sure".
    postgres=# select * from sure_test;
    ERROR: permission denied to table
    STATEMENT: select * from sure_test;
    ERROR: permission denied to table
    postgres=#

That is how a superuser's privileges can be restricted. The handling here is of course crude; deeper changes to privileges would take considerably more time and might even require modifying the source code, so they are not covered here.

References:

http://www.cnblogs.com/gaojian/p/3259147.html
http://michael.otacoo.com/postgresql-2/hooks-in-postgres-super-superuser-restrictions/
http://wiki.postgresql.org/images/e/e3/Hooks_in_postgresql.pdf

I will continue to cover hooks in more detail in later posts. Everyone is welcome to use and discuss the hook mechanism.


Reposted from: https://my.oschina.net/Suregogo/blog/312848
