Create a database bbb and owner is user b:
postgres9.6@[local]:5432 postgres# create database bbb owner b; CREATE DATABASE Time: 259.099 ms
By default, you can also connect to the database bbb using user c:
postgres9.6@[local]:5432 postgres# \c bbb c You are now connected to database "bbb" as user "c".
Recycling public's connect on database bbb permissions:
c@[local]:5432 bbb# \c postgres postgres9.6 You are now connected to database "postgres" as user "postgres9.6". postgres9.6@[local]:5432 postgres# revoke connect on database bbb from public; REVOKE Time: 2.088 ms
At this time, user c does not have permission to connect to the database bbb:
postgres9.6@[local]:5432 postgres# \c bbb c FATAL: permission denied for database "bbb" DETAIL: User does not have CONNECT privilege. Previous connection kept
But the owner user b of the bbb database can connect to the database:
postgres9.6@[local]:5432 postgres# \c bbb b You are now connected to database "bbb" as user "b". b@[local]:5432 bbb#
In this case, the superuser can also connect to the database:
b@[local]:5432 bbb# \c bbb postgres9.6
You are now connected to database "bbb" as user "postgres9.6".
postgres9.6@[local]:5432 bbb#
postgres9.6@[local]:5432 bbb# \du
List of roles
Role name | Attributes | Member of
-------------+------------------------------------------------------------+-----------
a | | {}
b | | {}
c | | {}
postgres9.6 | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
Another method: define from pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all trust # IPv4 local connections: host all all 127.0.0.1/32 trust ... # host all all 0.0.0.0/0 md5
Additional: Postgres limits each user to only connect to a specified number of sessions to prevent server resources from being tight
Limit each user to connect to a specified number of sessions to prevent server resources from being tight
(1) Create a test user:
highgo=#create user test;
CREATEROLE
highgo=#\du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+----------
highgo | Superuser, Create role, Create DB, Replication | {}
test | | {}
(2) Setting only allows users to use one connection by test
highgo=#ALTER ROLE test CONNECTION LIMIT 1; ALTERROLE
(3) Use the test user to connect to the highgo database in session 1
highgo=>\c highgo test Youare now connected to database "highgo" as user "test". highgo=>
(4) In session 2, use the test user to connect to the highgo database, and the following error will appear:
highgo=#\c highgo test Fatal error: By the role"test"Too many connections initiated Previousconnection kept
(5) Query user test link restrictions
highgo=>SELECT rolconnlimit FROM pg_roles WHERE rolname = 'test';
rolconnlimit
--------------
1
(1row)
The above is personal experience. I hope you can give you a reference and I hope you can support me more. If there are any mistakes or no complete considerations, I would like to give you advice.