# BD_Manual: auth/biz Schemas and Privilege Configuration

> Target database: `test_zqyy_app` (connected via `APP_DB_DSN`)
> Migration script: `db/zqyy_app/migrations/2026-02-24__p1_create_auth_biz_schemas.sql`
> Related SPEC: `miniapp-db-foundation` (P1 infrastructure layer)

---

## 1. Change description

### New schemas

| Schema | Purpose |
|--------|---------|
| `auth` | User authentication, permissions, WeChat OpenID mapping, etc. |
| `biz` | Business data (tasks, notes, AI analysis, Excel exports, etc.) |

### Privilege configuration

| Role | Schema | Privileges |
|------|--------|------------|
| `app_user` | `auth` | `USAGE` + `SELECT, INSERT, UPDATE, DELETE ON ALL TABLES` + `ALTER DEFAULT PRIVILEGES` (the same privileges on tables created later) |
| `app_user` | `biz` | `USAGE` + `SELECT, INSERT, UPDATE, DELETE ON ALL TABLES` + `ALTER DEFAULT PRIVILEGES` (the same privileges on tables created later) |

### Schemas not touched

- `public`: the existing system administration tables (`admin_users`, `roles`, `permissions`, etc.) are unaffected; the script contains no operation on the `public` schema.

---

## 2. Compatibility impact

| Component | Impact |
|-----------|--------|
| ETL jobs | None. This script only touches the business database, not the ETL database. |
| Backend API | Prerequisite. Subsequent business tables will be created in the `auth`/`biz` schemas, so the backend must qualify table names with the `auth.` / `biz.` prefix or set `search_path`. |
| Mini program | No direct impact. The mini program reaches the database only indirectly, through the backend API. |
| Admin console | No direct impact. |
| FDW configuration | None. The `fdw_etl` schema is independent of `auth`/`biz`. |
| `public` schema | None. The script contains no operation on `public`. |

---

## 3. Rollback strategy

The end of the migration script already contains the rollback statements in commented form; execute them in reverse order of the migration:

```sql
ALTER DEFAULT PRIVILEGES IN SCHEMA biz REVOKE SELECT, INSERT, UPDATE, DELETE ON TABLES FROM app_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA auth REVOKE SELECT, INSERT, UPDATE, DELETE ON TABLES FROM app_user;
REVOKE SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA biz FROM app_user;
REVOKE USAGE ON SCHEMA biz FROM app_user;
REVOKE SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA auth FROM app_user;
REVOKE USAGE ON SCHEMA auth FROM app_user;
DROP SCHEMA IF EXISTS biz CASCADE;
DROP SCHEMA IF EXISTS auth CASCADE;
```

Note: `DROP SCHEMA CASCADE` drops every table and dependent object inside the schema. If `auth`/`biz` already contain business tables, back up their data before running the rollback.

---

## 4. Verification SQL

```sql
-- 1. Verify that the auth and biz schemas exist
SELECT schema_name
FROM information_schema.schemata
WHERE schema_name IN ('auth', 'biz')
ORDER BY schema_name;

-- 2. Verify that app_user has USAGE on the auth and biz schemas
SELECT has_schema_privilege('app_user', 'auth', 'USAGE') AS auth_usage,
       has_schema_privilege('app_user', 'biz', 'USAGE') AS biz_usage;

-- 3. Verify that ALTER DEFAULT PRIVILEGES has been set (query pg_default_acl)
SELECT n.nspname AS schema_name, d.defaclacl AS default_acl
FROM pg_default_acl d
JOIN pg_namespace n ON n.oid = d.defaclnamespace
WHERE n.nspname IN ('auth', 'biz');

-- 4. Verify that the existing tables in the public schema are unaffected
SELECT table_name
FROM information_schema.tables
WHERE table_schema = 'public'
ORDER BY table_name;
```
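The forward half of this migration, written out as an added example (it is not the project's own script) to show the one point that sections 1 and 4 leave implicit: `ALTER DEFAULT PRIVILEGES` is keyed to the role that will create the future tables, so if the backend or a later migration creates tables as a different role than the one that ran this script, `app_user` receives nothing on them. The owner role name `migration_owner` is an assumption; it stands for whichever role will actually create the business tables.

```sql
BEGIN;

-- Schemas (idempotent, so re-running the migration is safe)
CREATE SCHEMA IF NOT EXISTS auth;
CREATE SCHEMA IF NOT EXISTS biz;

-- USAGE only: app_user can resolve objects in the schema but cannot CREATE any,
-- which keeps the application role at least privilege
GRANT USAGE ON SCHEMA auth TO app_user;
GRANT USAGE ON SCHEMA biz  TO app_user;

-- Tables that already exist (none at P1, but correct if the script is re-run later)
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA auth TO app_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA biz  TO app_user;

-- Tables created in the future. Without FOR ROLE the default only covers tables
-- created by the role executing this statement; pin it to the role that will own
-- the business tables (migration_owner is an assumed name, not from the project).
ALTER DEFAULT PRIVILEGES FOR ROLE migration_owner IN SCHEMA auth
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_user;
ALTER DEFAULT PRIVILEGES FOR ROLE migration_owner IN SCHEMA biz
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_user;

COMMIT;

-- Two checks beyond section 4: app_user should hold no CREATE on either schema,
-- and the default ACL should be registered under the intended owner role rather
-- than under whoever happened to run the migration.
SELECT has_schema_privilege('app_user', 'auth', 'CREATE') AS auth_create,
       has_schema_privilege('app_user', 'biz',  'CREATE') AS biz_create;

SELECT r.rolname AS defacl_owner, n.nspname AS schema_name, d.defaclacl
FROM pg_default_acl d
JOIN pg_namespace n ON n.oid = d.defaclnamespace
JOIN pg_roles     r ON r.oid = d.defaclrole
WHERE n.nspname IN ('auth', 'biz');
```

The executing role must be a member of `migration_owner` for the `FOR ROLE` form to be accepted, and the matching rollback then also needs `FOR ROLE migration_owner` in its `ALTER DEFAULT PRIVILEGES ... REVOKE` statements.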