pg_parameter_acl 是一个 系统目录表,它存储有关已显式授予一个或多个角色的 配置参数的权限信息。
pg_parameter_acl 在 PostgreSQL 15 中被添加。
用法
从 PostgreSQL 15 开始,可以使用 GRANT SET ON PARAMETER 或 GRANT ALTER SYSTEM ON PARAMETER 语法(并相应地使用 REVOKE 移除)显式地将权限授予单个数据库用户,以控制对各个 配置参数的访问。这些权限通过 pg_parameter_acl 进行跟踪。
按 PostgreSQL 版本定义
pg_parameter_acl (PostgreSQL 19)
Table "pg_catalog.pg_parameter_acl"
Column | Type | Collation | Nullable | Default
---------+-----------+-----------+----------+---------
oid | oid | | not null |
parname | text | C | not null |
paracl | aclitem[] | | |
Indexes:
"pg_parameter_acl_oid_index" PRIMARY KEY, btree (oid), tablespace "pg_global"
"pg_parameter_acl_parname_index" UNIQUE CONSTRAINT, btree (parname), tablespace "pg_global"
Tablespace: "pg_global"
文档: pg_parameter_acl
pg_parameter_acl (PostgreSQL 18)
Table "pg_catalog.pg_parameter_acl"
Column | Type | Collation | Nullable | Default
---------+-----------+-----------+----------+---------
oid | oid | | not null |
parname | text | C | not null |
paracl | aclitem[] | | |
Indexes:
"pg_parameter_acl_oid_index" PRIMARY KEY, btree (oid), tablespace "pg_global"
"pg_parameter_acl_parname_index" UNIQUE CONSTRAINT, btree (parname), tablespace "pg_global"
Tablespace: "pg_global"
文档: pg_parameter_acl
pg_parameter_acl (PostgreSQL 17)
Table "pg_catalog.pg_parameter_acl"
Column | Type | Collation | Nullable | Default
---------+-----------+-----------+----------+---------
oid | oid | | not null |
parname | text | C | not null |
paracl | aclitem[] | | |
Indexes:
"pg_parameter_acl_oid_index" PRIMARY KEY, btree (oid), tablespace "pg_global"
"pg_parameter_acl_parname_index" UNIQUE CONSTRAINT, btree (parname), tablespace "pg_global"
Tablespace: "pg_global"
文档: pg_parameter_acl
pg_parameter_acl (PostgreSQL 16)
Table "pg_catalog.pg_parameter_acl"
Column | Type | Collation | Nullable | Default
---------+-----------+-----------+----------+---------
oid | oid | | not null |
parname | text | C | not null |
paracl | aclitem[] | | |
Indexes:
"pg_parameter_acl_oid_index" PRIMARY KEY, btree (oid), tablespace "pg_global"
"pg_parameter_acl_parname_index" UNIQUE CONSTRAINT, btree (parname), tablespace "pg_global"
Tablespace: "pg_global"
文档: pg_parameter_acl
pg_parameter_acl (PostgreSQL 15)
Table "pg_catalog.pg_parameter_acl"
Column | Type | Collation | Nullable | Default
---------+-----------+-----------+----------+---------
oid | oid | | not null |
parname | text | C | not null |
paracl | aclitem[] | | |
Indexes:
"pg_parameter_acl_oid_index" PRIMARY KEY, btree (oid), tablespace "pg_global"
"pg_parameter_acl_parname_index" UNIQUE CONSTRAINT, btree (parname), tablespace "pg_global"
Tablespace: "pg_global"
文档: pg_parameter_acl
变更历史
- PostgreSQL 15
- 添加(提交 a0ffa885)
示例
pg_parameter_acl 的示例用法
postgres=> SET SESSION track_activities = off; ERROR: permission denied to set parameter "track_activities" postgres=> \c - postgres You are now connected to database "postgres" as user "postgres". postgres=# SELECT * FROM pg_parameter_acl ; oid | parname | paracl -----+---------+-------- (0 rows) postgres=# GRANT SET ON PARAMETER track_activities TO foo; GRANT postgres=# SELECT * FROM pg_parameter_acl; oid | parname | paracl -------+------------------+--------------------------------------- 16393 | track_activities | {postgres=sA/postgres,foo=s/postgres} (1 row) postgres=# \dconfig+ track_activities List of configuration parameters Parameter | Value | Type | Context | Access privileges ------------------+-------+------+-----------+---------------------- track_activities | on | bool | superuser | postgres=sA/postgres+ | | | | foo=s/postgres (1 row) postgres=# \c - foo You are now connected to database "postgres" as user "foo". postgres=> SET SESSION track_activities = off; SET
参考资料
- PostgreSQL 文档: pg_parameter_acl