First, you must be able to connect to the database in order to run queries at all. This can be achieved with:
-- take the implicit connect right away from everybody ...
REVOKE CONNECT ON DATABASE database_name FROM PUBLIC;
-- ... and hand it back only to the role that should be allowed in
GRANT CONNECT
ON DATABASE database_name
TO user_name;
The REVOKE is necessary because:
The key word PUBLIC indicates that the privileges are to be granted to
all roles, including those that might be created later. PUBLIC can be
thought of as an implicitly defined group that always includes all
roles. Any particular role will have the sum of privileges granted
directly to it, privileges granted to any role it is presently a
member of, and privileges granted to PUBLIC.
If you really want to restrict the user to DML statements, you need to do a bit more:
-- strip whatever PUBLIC (and therefore every role) has on the existing tables
REVOKE ALL
ON ALL TABLES IN SCHEMA public
FROM PUBLIC;
-- then grant exactly the DML privileges the user should have
GRANT SELECT, INSERT, DELETE
ON ALL TABLES IN SCHEMA public
TO user_name;
This assumes you will have only one schema (named "public" by default).
As Jack Douglas pointed out, the above only gives privileges on already existing tables. To achieve the same for future tables, you have to define default privileges:
ALTER DEFAULT PRIVILEGES
FOR ROLE some_role -- Alternatively "FOR USER"
IN SCHEMA public
GRANT SELECT,DELETE ON TABLES TO user_name;
Here, some_role is the role that creates the tables, and user_name is the one that gets the privileges. To define this, you have to be logged in as some_role or as a member of it.
Finally, you have to do the same for sequences (thanks to PlaidFan for pointing it out) – here it is the USAGE privilege you need.
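The steps above pulled together into one psql script, as an added example that is not part of the original answer. The database app_db, the table-owning role app_owner, the restricted role app_writer and the sample table orders are all assumed names; the `\c` line is a psql meta-command, and the final SELECT uses the built-in has_table_privilege / has_sequence_privilege functions to check the result instead of trusting the grants blindly.

```sql
-- Constructed example: app_db, app_owner, app_writer and orders are assumed names.
-- Run as a superuser (or the database owner) except where SET ROLE is used.
CREATE ROLE app_owner  LOGIN PASSWORD 'owner-secret-placeholder';
CREATE ROLE app_writer LOGIN PASSWORD 'writer-secret-placeholder';
CREATE DATABASE app_db OWNER app_owner;

-- Step 1: connection. Nobody gets in via PUBLIC; only app_writer (and the owner) may connect.
REVOKE CONNECT ON DATABASE app_db FROM PUBLIC;
GRANT CONNECT ON DATABASE app_db TO app_writer;

-- The rest runs inside the target database.
\c app_db

-- Step 2: the schema itself. Without this, PUBLIC may still CREATE objects in "public"
-- on older releases; app_writer only needs USAGE to reach the tables.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT ALL ON SCHEMA public TO app_owner;
GRANT USAGE ON SCHEMA public TO app_writer;

-- Step 3: existing tables and sequences (a sample table created by the owner).
SET ROLE app_owner;
CREATE TABLE public.orders (id serial PRIMARY KEY, item text NOT NULL);
RESET ROLE;
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM PUBLIC;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_writer;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO app_writer;

-- Step 4: future tables and sequences. Default privileges only apply to objects
-- created by app_owner, and must be defined as app_owner or one of its members.
SET ROLE app_owner;
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_writer;
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA public
    GRANT USAGE ON SEQUENCES TO app_writer;
RESET ROLE;

-- Step 5: verify. Expected row: t, t, f, t
-- (app_writer may read and insert, may not TRUNCATE, and may use the id sequence).
SELECT has_table_privilege('app_writer', 'public.orders', 'SELECT')          AS can_select,
       has_table_privilege('app_writer', 'public.orders', 'INSERT')          AS can_insert,
       has_table_privilege('app_writer', 'public.orders', 'TRUNCATE')        AS can_truncate,
       has_sequence_privilege('app_writer', 'public.orders_id_seq', 'USAGE') AS can_use_seq;
```

Tables created later by any role other than app_owner are not covered by the default privileges; repeat the ALTER DEFAULT PRIVILEGES block for each creating role.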