Release Notes and Announcements

Release Notes

Product Announcements

Product Introduction

Overview

Features

Strengths

Scenarios

Information Security

Regions and AZs

Product Feature List

Large version lifecycle description

MSSQL Compatible Version

Billing

Billing Overview

Instance Type and Specification

Purchase Methods

Refund

Overdue Payments

Backup Space Billing

Database Audit Billing Overview

Getting Started

Creating TencentDB for PostgreSQL Instance

Connecting to TencentDB for PostgreSQL Instance

Managing TencentDB for PostgreSQL Instance

Importing Data

Migrating Data with DTS

Kernel Version Introduction

Kernel Version Overview

Kernel Version Release Notes

Viewing Kernel Version

Proprietary Kernel Features

Database Audit

Audit Service Description

Activating Audit Service

View Audit Logs

Modify audit services

Audit Performance Description

User Guide

Instance Management

Upgrading Instance

CPU Elastic Scaling

Read-Only Instance

Account Management

Database Management

Parameter Management

Log Management and Analysis

Backup and Restoration

Data Migration

Extension Management

Network Management

Access Management

Data Security

Tenant and Resource Isolation

Security Groups

Monitoring and Alarms

Tag

AI Practice

Using the Tencentdb_ai Plug-In to Call Large Models

Building Ai Applications with the Tencentdb Ai Plug-In

Combining Supabase to Quickly Build Backend Service Based on TencentDB for PostgreSQL

Use Cases

postgres_fdw Extension for Cross-database Access

Automatically Creating Partition in PostgreSQL

Searching in High Numbers of Tags Based on pg_roaringbitmap

Querying People Nearby with One SQL Statement

Configuring TencentDB for PostgreSQL as GitLab's External Data Source

Supporting Tiered Storage Based on cos_fdw Extension

Implement Read/Write Separation via pgpool

Implementing Slow SQL Analysis Using the Auto_explain Plugin

Using pglogical for Logical Replication

Using Debezium to Collect PostgreSQL Data

Set Up a Remote Disaster Recovery Environment for PostgreSQL Locally on CVM

Read-Only Instance and Read-Only Group Practical Tutorial

How to Use SCF for Scheduled Database Operations

Fix Table Bloat

Performance White Paper

Test Methods

Test Results

API Documentation

History

Introduction

API Category

Making API Requests

Instance APIs

Read-Only Instance APIs

Backup and Recovery APIs

Parameter Management APIs

Security Group APIs

Performance Optimization APIs

Account APIs

Specification APIs

Network APIs

Data Types

Error Codes

FAQs

Service Agreement

Service Level Agreement

Glossary

Users and Permission Operations

PDF

Modo Foco

Tamanho da Fonte

Última atualização: 2024-01-24 11:16:51

TencentDB Default Role
TencentDB for PostgreSQL does not open the superuser role attribute and the pg_execute_server_program, pg_read_server_files, and pg_write_server_files roles for you to use. However, as some operations require the superuser role, TencentDB for PostgreSQL provides the pg_tencentdb_superuser to replace superuser.
pg_tencentdb_superuser Role
This role supports system permissions and database object permissions, as listed in the following tables.
System permissions
Permission
Description
CREATEDB
Create a database.
BYPASSRLS
Bypass all row-level security policy checks.
REPLICATION
Have the REPLICATION permission by default, and allow granting the REPLICATION permission to other users.
CREATEROLE
Have the same CREATEROLE permission as the community edition, except that the role cannot create the pg_read_server_files, pg_write_server_files, and pg_execute_server_program roles.
Object permissions
Object
Description
database
By default, have the permissions of all databases not owned by a  a superuser.
schema
By default, have the permissions of all schemas not owned by a superuser.
table/sequence
By default, have the permissions of all tables/sequences not owned by a  a superuser.
function
By default, have the permissions of all functions not owned by a superuser.
language
No permissions.
tablespace
No permissions.
FDW/foreign server
By default, have the permissions of all FDWs/foreign servers not owned by a  a superuser.
TYPE
By default, have the permissions of all TYPEs not owned by a superuser.
Other operations
Pub/Sub: the tencentdb_superuser role can implement the pub/sub messaging paradigm, create a publication for all tables, and create slots.
Extensions: the tencentdb_superuser role can create all supported extensions. When creating an extension, the pg_tencentdb_superuser is temporarily escalated to superuser and passes all permission checks. 
The load_file permission only allows loading supported extension libraries.
The tencentdb_superuser role can use the pgstat_get_backend_current_activity function to view deadlock details, so that users can easily troubleshoot deadlocks themselves.
The use of the pg_signal_backend function is restricted, and processes of the pg_tencentdb_superuser role can only be killed by itself.
Permission Operations
For more information, see the official documents in the PostgreSQL community:
Create a user:
CREATE USER name [ [ WITH ] option [ ... ] ]
﻿
where option can be:
﻿
    SUPERUSER | NOSUPERUSER
  | CREATEDB | NOCREATEDB
  | CREATEROLE | NOCREATEROLE
  | INHERIT | NOINHERIT
  | LOGIN | NOLOGIN
  | REPLICATION | NOREPLICATION
  | BYPASSRLS | NOBYPASSRLS
  | CONNECTION LIMIT connlimit
  | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
  | VALID UNTIL 'timestamp'
  | IN ROLE role_name [, ...]
  | IN GROUP role_name [, ...]
  | ROLE role_name [, ...]
  | ADMIN role_name [, ...]
  | USER role_name [, ...]
  | SYSID uid
Create a role:
CREATE ROLE name [ [ WITH ] option [ ... ] ]
﻿
where option can be:
﻿
    SUPERUSER | NOSUPERUSER
  | CREATEDB | NOCREATEDB
  | CREATEROLE | NOCREATEROLE
  | INHERIT | NOINHERIT
  | LOGIN | NOLOGIN
  | REPLICATION | NOREPLICATION
  | BYPASSRLS | NOBYPASSRLS
  | CONNECTION LIMIT connlimit
  | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
  | VALID UNTIL 'timestamp'
  | IN ROLE role_name [, ...]
  | IN GROUP role_name [, ...]
  | ROLE role_name [, ...]
  | ADMIN role_name [, ...]
  | USER role_name [, ...]
  | SYSID uid
Modify a role attribute:
ALTER ROLE role_specification [ WITH ] option [ ... ]
﻿
where option can be:
﻿
    SUPERUSER | NOSUPERUSER
  | CREATEDB | NOCREATEDB
  | CREATEROLE | NOCREATEROLE
  | INHERIT | NOINHERIT
  | LOGIN | NOLOGIN
  | REPLICATION | NOREPLICATION
  | BYPASSRLS | NOBYPASSRLS
  | CONNECTION LIMIT connlimit
  | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
  | VALID UNTIL 'timestamp'
Grant an object privilege to a role:
# Syntax example
GRANT <privilege> on <object> to <role>;
Revoke an object privilege from a role:
# Syntax example
REVOKE <privilege> ON <object> FROM <role>;
Grant a role to another role:
# Syntax example
GRANT <role name> to <another role>;
﻿

Ajuda e Suporte

Esta página foi útil?

Você também pode entrar em contato com a Equipe de vendas ou Enviar um tíquete em caso de ajuda.

comentários

Permission	Description
CREATEDB	Create a database.
BYPASSRLS	Bypass all row-level security policy checks.
REPLICATION	Have the REPLICATION permission by default, and allow granting the REPLICATION permission to other users.
CREATEROLE	Have the same CREATEROLE permission as the community edition, except that the role cannot create the pg_read_server_files, pg_write_server_files, and pg_execute_server_program roles.

Object	Description
database	By default, have the permissions of all databases not owned by a a superuser.
schema	By default, have the permissions of all schemas not owned by a superuser.
table/sequence	By default, have the permissions of all tables/sequences not owned by a a superuser.
function	By default, have the permissions of all functions not owned by a superuser.
language	No permissions.
tablespace	No permissions.
FDW/foreign server	By default, have the permissions of all FDWs/foreign servers not owned by a a superuser.
TYPE	By default, have the permissions of all TYPEs not owned by a superuser.

tencent cloud

TencentDB for PostgreSQL

Users and Permission Operations

TencentDB Default Role

pg_tencentdb_superuser Role

System permissions

Object permissions

Other operations

Permission Operations

Ajuda e Suporte