PostgreSQL(02): PostgreSQL常用命令
阅读原文时间:2023年07月08日阅读:2

目录

PostgreSQL 常用命令

满足验证条件的用户, 可以用psql命令进入pg的命令行交互模式

用户管理相关

\du\du+

postgres=# \du;
                                   List of roles
 Role name |                         Attributes                         | Member of
-----------+------------------------------------------------------------+-----------
 postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
 ubuntu    |                                                            | {}

postgres=# \du+;
                                          List of roles
 Role name |                         Attributes                         | Member of | Description
-----------+------------------------------------------------------------+-----------+-------------
 postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS | {}        |
 ubuntu    |                                                            | {}        |

查看role的全局权限和口令, pg通过host登录, 验证的是role的密码

postgres=# select rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb, rolcanlogin, rolreplication, rolbypassrls, rolconnlimit, substring(rolpassword, 1, 18) from pg_authid;
          rolname          | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit |     substring
---------------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+--------------------
 postgres                  | t        | t          | t             | t           | t           | t              | t            |           -1 |
 pg_database_owner         | f        | t          | f             | f           | f           | f              | f            |           -1 |
 pg_read_all_data          | f        | t          | f             | f           | f           | f              | f            |           -1 |
 pg_write_all_data         | f        | t          | f             | f           | f           | f              | f            |           -1 |
 pg_monitor                | f        | t          | f             | f           | f           | f              | f            |           -1 |
 pg_read_all_settings      | f        | t          | f             | f           | f           | f              | f            |           -1 |
 pg_read_all_stats         | f        | t          | f             | f           | f           | f              | f            |           -1 |
 pg_stat_scan_tables       | f        | t          | f             | f           | f           | f              | f            |           -1 |
 pg_read_server_files      | f        | t          | f             | f           | f           | f              | f            |           -1 |
 pg_write_server_files     | f        | t          | f             | f           | f           | f              | f            |           -1 |
 pg_execute_server_program | f        | t          | f             | f           | f           | f              | f            |           -1 |
 pg_signal_backend         | f        | t          | f             | f           | f           | f              | f            |           -1 |
 pg_checkpoint             | f        | t          | f             | f           | f           | f              | f            |           -1 |
 ubuntu                    | f        | t          | f             | f           | t           | f              | f            |           -1 |
(14 rows)

4个sql执行的结果没什么区别, 口令都会用SHA-256加密

postgres=# CREATE USER test_user1 WITH PASSWORD 'secret_passwd';
CREATE ROLE
postgres=# CREATE USER test_user2 WITH ENCRYPTED PASSWORD 'secret_passwd';
CREATE ROLE
postgres=# CREATE ROLE test_user3 WITH LOGIN PASSWORD 'secret_passwd';
CREATE ROLE
postgres=# CREATE ROLE test_user4 WITH LOGIN ENCRYPTED PASSWORD 'secret_passwd';
CREATE ROLE
-- 查看添加的结果
postgres=# select rolname, rolsuper, rolinherit, rolcreaterole, rolcreatedb, rolcanlogin, rolreplication, rolbypassrls, rolconnlimit, substring(rolpassword, 1, 18) from pg_authid;
          rolname          | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypassrls | rolconnlimit |     substring
---------------------------+----------+------------+---------------+-------------+-------------+----------------+--------------+--------------+--------------------
 postgres                  | t        | t          | t             | t           | t           | t              | t            |           -1 |
 pg_database_owner         | f        | t          | f             | f           | f           | f              | f            |           -1 |
 ...
 ubuntu                    | f        | t          | f             | f           | t           | f              | f            |           -1 |
 test_user1                | f        | t          | f             | f           | t           | f              | f            |           -1 | SCRAM-SHA-256$4096
 test_user2                | f        | t          | f             | f           | t           | f              | f            |           -1 | SCRAM-SHA-256$4096
 test_user3                | f        | t          | f             | f           | t           | f              | f            |           -1 | SCRAM-SHA-256$4096
 test_user4                | f        | t          | f             | f           | t           | f              | f            |           -1 | SCRAM-SHA-256$4096
(18 rows)

查看user表

template1=# SELECT * FROM pg_user;
  usename   | usesysid | usecreatedb | usesuper | userepl | usebypassrls |  passwd  | valuntil | useconfig
------------+----------+-------------+----------+---------+--------------+----------+----------+-----------
 postgres   |       10 | t           | t        | t       | t            | ******** |          |
 ubuntu     |    16388 | f           | f        | f       | f            | ******** |          |
 test_user2 |    16390 | f           | f        | f       | f            | ******** |          |
 test_user3 |    16391 | f           | f        | f       | f            | ******** |          |
 test_user4 |    16392 | f           | f        | f       | f            | ******** |          |
 test_user1 |    16389 | f           | f        | f       | f            | ******** |          |
(6 rows)


postgres=# ALTER ROLE test_user1 WITH password 'secret_passwd1';
ALTER ROLE

可以直接将一个用户的权限赋给另一个用户(以及收回)

GRANT myuser TO myuser1;
REVOKE myuser FROM myuser1;

查看用户权限之间的引用关系

postgres=# SELECT
      r.rolname,
      ARRAY(SELECT b.rolname
            FROM pg_catalog.pg_auth_members m
            JOIN pg_catalog.pg_roles b ON (m.roleid = b.oid)
            WHERE m.member = r.oid) as memberof
FROM pg_catalog.pg_roles r
WHERE r.rolname NOT IN ('pg_signal_backend','rds_iam',
                        'rds_replication','rds_superuser',
                        'rdsadmin','rdsrepladmin')
ORDER BY 1;
          rolname          |                           memberof
---------------------------+--------------------------------------------------------------
 pg_checkpoint             | {}
 pg_database_owner         | {}
 pg_execute_server_program | {}
 pg_monitor                | {pg_read_all_settings,pg_read_all_stats,pg_stat_scan_tables}
 pg_read_all_data          | {}
 pg_read_all_settings      | {}
 pg_read_all_stats         | {}
 pg_read_server_files      | {}
 pg_stat_scan_tables       | {}
 pg_write_all_data         | {}
 pg_write_server_files     | {}
 postgres                  | {}
 test_user1                | {}
 test_user2                | {}
 test_user3                | {}
 test_user4                | {}
 ubuntu                    | {}
(17 rows)

DATABASE 相关

\l

postgres=# \l
                                             List of databases
   Name    |  Owner   | Encoding | Collate |  Ctype  | ICU Locale | Locale Provider |   Access privileges
-----------+----------+----------+---------+---------+------------+-----------------+-----------------------
 postgres  | postgres | UTF8     | C.UTF-8 | C.UTF-8 |            | libc            |
 template0 | postgres | UTF8     | C.UTF-8 | C.UTF-8 |            | libc            | =c/postgres          +
           |          |          |         |         |            |                 | postgres=CTc/postgres
 template1 | postgres | UTF8     | C.UTF-8 | C.UTF-8 |            | libc            | =c/postgres          +
           |          |          |         |         |            |                 | postgres=CTc/postgres
(3 rows)

\c [dbname]

postgres=# \c template1
You are now connected to database "template1" as user "postgres".

创建数据库并指定owner, 修改owner

-- 如果不指定, 则owner为当前用户
template1=# CREATE DATABASE test_db1;
CREATE DATABASE
-- 指定用户
template1=# CREATE DATABASE test_db2 OWNER test_user2;
CREATE DATABASE
template1=# CREATE DATABASE test_db3;
CREATE DATABASE
template1=# \l
                                              List of databases
   Name    |   Owner    | Encoding | Collate |  Ctype  | ICU Locale | Locale Provider |   Access privileges
-----------+------------+----------+---------+---------+------------+-----------------+-----------------------
...
 test_db1  | postgres   | UTF8     | C.UTF-8 | C.UTF-8 |            | libc            |
 test_db2  | test_user2 | UTF8     | C.UTF-8 | C.UTF-8 |            | libc            |
 test_db3  | postgres   | UTF8     | C.UTF-8 | C.UTF-8 |            | libc            |
(6 rows)

-- 修改owner
template1=# ALTER DATABASE test_db3 OWNER to test_user3;
ALTER DATABASE
-- 查看修改结果
template1=# \l
                                              List of databases
   Name    |   Owner    | Encoding | Collate |  Ctype  | ICU Locale | Locale Provider |   Access privileges
-----------+------------+----------+---------+---------+------------+-----------------+-----------------------
 ...
 test_db1  | postgres   | UTF8     | C.UTF-8 | C.UTF-8 |            | libc            |
 test_db2  | test_user2 | UTF8     | C.UTF-8 | C.UTF-8 |            | libc            |
 test_db3  | test_user3 | UTF8     | C.UTF-8 | C.UTF-8 |            | libc            |


template1=# DROP DATABASE test_db3;
DROP DATABASE
-- 删除前判断是否存在
template1=# DROP DATABASE IF EXISTS test_db3;
NOTICE:  database "test_db3" does not exist, skipping
DROP DATABASE

只是授权, 和owner有区别

-- 授权部分权限
template1=# GRANT CONNECT ON DATABASE test_db1 TO test_user1;
GRANT
-- 授权全部权限
template1=# GRANT ALL PRIVILEGES ON DATABASE test_db1 TO test_user2;
GRANT

查看数据库权限, 将sql中的 test_user2 换成要检查的目标用户

SELECT 'test_user2', datname, array(
    SELECT privs FROM unnest(ARRAY[
    (CASE WHEN has_database_privilege('test_user2',c.oid,'CONNECT') THEN 'CONNECT' ELSE NULL END),
    (CASE WHEN has_database_privilege('test_user2',c.oid,'CREATE') THEN 'CREATE' ELSE NULL END),
    (CASE WHEN has_database_privilege('test_user2',c.oid,'TEMPORARY') THEN 'TEMPORARY' ELSE NULL END),
    (CASE WHEN has_database_privilege('test_user2',c.oid,'TEMP') THEN 'TEMP' ELSE NULL END)])
    foo(privs)
    WHERE privs IS NOT NULL
) FROM pg_database c;

  ?column?  |  datname  |              array
------------+-----------+---------------------------------
 test_user2 | postgres  | {CONNECT,TEMPORARY,TEMP}
 test_user2 | template1 | {CONNECT}
 test_user2 | template0 | {CONNECT}
 test_user2 | test_db2  | {CONNECT,CREATE,TEMPORARY,TEMP}
 test_user2 | test_db1  | {CONNECT,CREATE,TEMPORARY,TEMP}
(5 rows)

SCHEMA 相关

每个database都包含一个缺省的schema, 名称为 public, 如果不指定, 则使用这个缺省的 schema.

除了public和用户创建的schema之外, 每个数据库都包含一个pg_catalog的schema, 它包含系统表和所有内置数据类型、函数、操作符. pg_catalog 总是搜索路径中的一部分. 如果它没有明确出现在路径中, 那么它隐含地在所有路径之前搜索. 这样就保证了内置名字总是可以被搜索. 不过, 你可以明确地把pg_catalog放在搜索路径之后, 如果你想使用用户自定义的名字覆盖内置的名字的话.

-- 新增
CREATE SCHEMA aStock;
CREATE SCHEMA schema_name AUTHORIZATION user_name;
-- 删除空schema
DROP SCHEMA aStock;
-- 递归删除非空 schema
DROP SCHEMA aStock CASCADE;

-- 显示搜索路径
SHOW search_path;
-- 变更搜索路径:
SET search_path TO aStock, public;
SET search_path TO myschema;

授权schema给用户

GRANT USAGE ON SCHEMA myschema TO myuser;
-- 如果用户需要建表权限
GRANT USAGE, CREATE ON SCHEMA myschema TO myuser;

TABLE 相关

授权table给用户

GRANT SELECT ON TABLE mytable1, mytable2 TO myuser;
-- 如果需要包含myschema下所有table和view
GRANT SELECT ON ALL TABLES IN SCHEMA myschema TO myuser;
-- 如果需要增删改
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE mytable1, mytable2 TO myuser;
-- 如果需要包含myschema下所有table和view
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA myschema TO myuser;

注意上面的命令, 如果schema下创建了新table, myuser并不能访问, 如果要新建的table也自动授权, 需要使用下面的语句

ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT SELECT ON TABLES TO myuser;
-- 带增删改
ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO myuser;

SEQUENCE 相关

GRANT USAGE ON SEQUENCE myseq1, myseq2 TO readwrite;
-- You can also grant permission to all sequences using the following SQL statement:
GRANT USAGE ON ALL SEQUENCES IN SCHEMA myschema TO readwrite;
-- To automatically grant permissions to sequences added in the future:
ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT USAGE ON SEQUENCES TO readwrite;

复杂查询

根据bank_card_no分组, 取时间最晚的一条, 使用ROW_NUMBER() OVER (PARTITION BY [col1] ORDER BY [col2] [ASC|DESC]) AS [alias]格式

WITH tb1 AS (
  SELECT
    goods_order.*,
    ROW_NUMBER() OVER (PARTITION BY goods_order.bank_card_no ORDER BY created_at DESC ) AS rn
  FROM
    goods_order
  WHERE goods_order.batch_id = 521
)
SELECT * from tb1
WHERE rn=1

和MySQL一样, 如果要update的字段也在取值参数中, 需要多加一层select隔离一下才能执行

UPDATE goods_order
SET card_label = (select json_agg(t001.t) from (
  select distinct(jsonb_array_elements(goods_order.card_label || '["tag1","tag2","tag3"]'::jsonb)) as t
) t001)
where
bank_card_no IN ( '123123123123' )


SELECT
    goods_order.*,
    max(goods_order.created_at) OVER w AS created_at_max,
    min(goods_order.created_at) OVER w AS created_at_min,
    count(1) OVER w AS row_count,
    ROW_NUMBER() OVER w1 AS seq
  FROM
    goods_order
  WHERE
    (
      goods_order.data_import_id = 2
      OR goods_order.data_import_id = 534
    )
WINDOW
w AS (PARTITION BY goods_order.bank_card_no),
w1 AS (PARTITION BY goods_order.bank_card_no ORDER BY created_at DESC)

使用temp view 简化后续查询

CREATE OR REPLACE TEMP VIEW view1 AS
SELECT
    goods_order.*,
    max(goods_order.created_at) OVER w AS created_at_max,
    min(goods_order.created_at) OVER w AS created_at_min,
    count(1) OVER w AS row_count,
    ROW_NUMBER() OVER w1 AS seq
  FROM
    goods_order
  WHERE
    (
      goods_order.data_import_id = 2
      OR goods_order.data_import_id = 534
    )
WINDOW
w AS (PARTITION BY goods_order.bank_card_no),
w1 AS (PARTITION BY goods_order.bank_card_no ORDER BY created_at DESC);

select count(1) from view1;