postgresql postgres RDS 服务器中的 rds_superuser 角色
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/49781775/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
rds_superuser role in postgres RDS server
提问by Tomislav Mikulin
I just created a new postgres RDS instace on aws (through the dashboard), and I gave it a default user, lets call him "Hyman".
我刚刚在 aws 上创建了一个新的 postgres RDS 实例(通过仪表板),我给了它一个默认用户,让我们称他为“Hyman”。
When I logged in to the instance, I saw my created user "Hyman", and that he had a role "rds_superuser" attached. (so I thought that I can do the same things that I used to do with superuser on a regular postgres server).
当我登录到实例时,我看到我创建的用户“Hyman”,并且他附加了一个角色“ rds_superuser”。(所以我认为我可以做我过去在普通 postgres 服务器上用超级用户做的同样的事情)。
I checked the documentation, I saw that wasn't possible.
我检查了文档,我发现这是不可能的。
As logged in as the default user "stan", I created a new database user like "stan", and wanted to create a new databases with the owner being the user "stan", I couldn't?
作为默认用户“stan”登录后,我创建了一个像“stan”这样的新数据库用户,并想创建一个所有者为用户“stan”的新数据库,我不能吗?
I entered something like this:
我输入了这样的东西:
CREATE DATABASE foobar WITH OWNER = stan;
But I got an error, saying something like:
但是我遇到了一个错误,说的是:
ERROR: must be member of role "stan"
错误:必须是角色“stan”的成员
So, what I did was, made the role "stan", logged out as the default user "Hyman", logged into the RDS instance as "stan", and created that database with him as the owner.
所以,我所做的是,将角色设置为“stan”,以默认用户“Hyman”的身份注销,以“stan”的身份登录到 RDS 实例,并以他为所有者创建该数据库。
Since I had three different users, I had to repeat that last step three times.
由于我有三个不同的用户,我不得不重复最后一步三遍。
My question, is there a way, that I can make the default user "Hyman" that I created during RDS postgres creation, capable of creating new databases (like superuser on a regular postgres server installation) and giving the different owners like this:
我的问题是,有没有办法让我在 RDS postgres 创建期间创建的默认用户“Hyman”能够创建新数据库(如常规 postgres 服务器安装上的超级用户)并为不同的所有者提供这样的:
CREATE DATABASE foobar WITH OWNER = stan;
Tnx, Tom
Tnx,汤姆
回答by Vao Tsun
you were supposed to grant stanto rds_superuserin order to do that. You did:
你应该授予stantords_superuser为了做到这一点。你做到了:
rds=> create user stan;
CREATE ROLE
rds=> CREATE DATABASE foobar WITH OWNER = stan;
ERROR: must be member of role "stan"
you should:
你应该:
rds=> grant stan to su_rdsadm;
GRANT ROLE
rds=> CREATE DATABASE foobar WITH OWNER = stan;
CREATE DATABASE
I did it as rds superuser:
我是作为 rds 超级用户完成的:
rds=> \du+ su_rdsadm
List of roles
Role name | Attributes | Member of | Description
-------------+-------------------------------+----------------------+-------------
su_rdsadm | Create role, Create DB +| {rds_superuser,stan} |
| Password valid until infinity | |
rds=> select current_user;
current_user
--------------
su_rdsadm
(1 row)
It's good to know this further. This limitation of rds_superuser for ownership/grants and so on will keep hitting you until you grant role whose objects you want to manipulate (or on which behalf you want to grant) to rds superuser.
很高兴进一步了解这一点。rds_superuser 对所有权/授予等的限制将一直困扰着您,直到您将要操作的对象(或您要授予的对象)的角色授予 rds 超级用户。
