Since the superuser permissions are not completely released during the use of RDS, we recommend that you create a separate account and use the schema to manage your private data space when using the database.
Note: In the following example, myuser is the management account which has been created for the instance and newuser is the new account to be created.
Create an account with logon permissions.
CREATE USER newuser LOGIN PASSWORD 'password';
Parameters are described as follows:
USER: Name of the account to be created, for example, newuser.
password: Password of the account, for example, password.
Create a schema for the new account.
CREATE SCHEMA newuser;
GRANT newuser to myuser;
ALTER SCHEMA myuser OWNER TO newuser;
REVOKE newuser FROM myuser;
- If newuser is not added to the myuser role before
ALTER SCHEMA newuser OWNER TO newuser, the following permission error is displayed:
ERROR: must be member of role "newuser"
- For security reasons, remove newuser from myuser role to improve security after the authorization of OWNER is handled.
Use newuser to log on to the database.
psql -U newuser -h intranet4example.pg.rds.aliyuncs.com -p 3433 pg001
Password for user newuser:
psql.bin (9.4.4, server 9.4.1)
Type "help" for help.