REVOKE CONNECT ON DATABASE your_database FROM PUBLIC;

GRANT CONNECT
ON DATABASE database_name 
TO user_name;

REVOKE是必要的because

The key word PUBLIC indicates that the privileges are to be granted to
all roles,including those that might be created later. PUBLIC can be
thought of as an implicitly defined group that always includes all
roles. Any particular role will have the sum of privileges granted
directly to it,privileges granted to any role it is presently a
member of,and privileges granted to PUBLIC.

如果您真的想将用户限制为DML语句,那么您还需要做更多的事情：

REVOKE ALL
ON ALL TABLES IN SCHEMA public 
FROM PUBLIC;

GRANT SELECT,INSERT,DELETE
ON ALL TABLES IN SCHEMA public 
TO user_name;

这些假设您将只有一个模式(默认情况下名为“public”).

正如杰克道格拉斯指出的那样,上面只给出了现有表的特权.要在将来的表中实现相同的目标,您必须使用define default privileges：

ALTER DEFAULT PRIVILEGES 
    FOR ROLE some_role   -- Alternatively "FOR USER"
    IN SCHEMA public
    GRANT SELECT,DELETE ON TABLES TO user_name;

这里,some_role是创建表的角色,而user_name是获取权限的角色.定义此项,您必须以some_role或其成员身份登录.

最后,你必须对序列做同样的事情(感谢PlaidFan指出它) – 这里是你需要的USAGE特权.