PUBLIC 权限操作

[am@VM-91-60-centos ~]$psql -h10.*.*.* -p5432 -Udbadmin -dtest_db
Password for user dbadmin: 
psql (16.0, server 16.10)
Type "help" for help.

test_db=> \\c - am_a
psql (16.0, server 16.10)
You are now connected to database "test_db" as user "am_a".
test_db=> select oid FROM pg_class LIMIT 1;
 oid  
------
 2619
(1 row)

test_db=> \\c - dbadmin
Password for user dbadmin: 
psql (16.0, server 16.10)
You are now connected to database "test_db" as user "dbadmin".
test_db=> REVOKE SELECT ON pg_class FROM PUBLIC;
REVOKE
test_db=> \\c - am_a
Password for user am_a: 
psql (16.0, server 16.10)
You are now connected to database "test_db" as user "am_a".
test_db=> select oid FROM pg_class LIMIT 1;
ERROR:  permission denied for table pg_class

test_db=> \\c - dbadmin
Password for user dbadmin: 
psql (16.0, server 16.10)
You are now connected to database "test_db" as user "dbadmin".
test_db=> REVOKE CONNECT ON DATABASE test_db FROM PUBLIC;
REVOKE
test_db=> \\c - am_a 
Password for user am_a: 
connection to server at "10.*.*.*", port 5432 failed: FATAL:  permission denied for database "test_db"
DETAIL:  User does not have CONNECT privilege.
Previous connection kept

test_db=> \\c - dbadmin
psql (16.0, server 16.10)
You are now connected to database "test_db" as user "dbadmin".
test_db=> GRANT CONNECT ON DATABASE test_db TO am_a;
GRANT
test_db=> GRANT SELECT ON pg_class TO am_a;
GRANT
test_db=> \\c - am_a
Password for user am_a: 
psql (16.0, server 16.10)
You are now connected to database "test_db" as user "am_a".
test_db=> select oid FROM pg_class LIMIT 1;
 oid  
------
 2619
(1 row)