From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
---|---|
To: | "Hilbert, Karin" <ioh1(at)psu(dot)edu>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: ALTER DEFAULT PRIVILEGES FOR ROLE |
Date: | 2019-01-30 19:16:14 |
Message-ID: | 11eb0d12-22fd-f662-f8ac-722e741ceeec@aklaver.com |
Lists: | pgsql-general |

On 1/30/19 10:57 AM, Hilbert, Karin wrote:
> After a database was updated by the application, a schema dump showed
> the following default privilege statements:
>
> --
> -- Name: DEFAULT PRIVILEGES FOR SEQUENCES; Type: DEFAULT ACL; Schema:
> public; Owner: gitlab_dbo
> --
>
> ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public REVOKE ALL
> ON SEQUENCES FROM <dbowner>;
> ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public GRANT
> SELECT,USAGE ON SEQUENCES TO <appuser>;
>
>
> --
> -- Name: DEFAULT PRIVILEGES FOR TABLES; Type: DEFAULT ACL; Schema:
> public; Owner: <dbowner>
> --
>
> ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public REVOKE ALL
> ON TABLES FROM <dbowner>;
> ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public GRANT
> SELECT,INSERT,DELETE,UPDATE ON TABLES TO <appuser>;
>
> Why would you want to revoke all privileges from the dbowner?

You would have to ask the application developer.

> It actually had granted the privileges to PUBLIC, but I revoked those
> privileges & changed it to the app account.

This seems to be a continuation of your previous post. It would seem you
and the application developer need to have a head to head and agree on
what the privilege/permissions policy for this application/database
needs to be.

>
>
> What is the difference between these statements?:
> ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public GRANT ...
> TO <appuser>;
> ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ... TO <appuser>;

The first is keyed to a ROLE, the second to a SCHEMA.

>
>
>
> Karin Hilbert
> Database Specialist
> Administrative Information Services
> Pennsylvania State University
> 25 Shields Bldg., University Park, PA 16802
> Work - 814-863-3633
> Email - ioh1(at)psu(dot)edu
> IM - ioh1(at)chat(dot)psu(dot)edu
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
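
An added example (not part of the original thread) that runs both statement forms from the question in a scratch database and shows which newly created tables each one affects. Per the PostgreSQL documentation, when FOR ROLE is omitted the current role is assumed; the names demo_dbowner, demo_appuser and demo_made_by_* are constructed, and the script assumes a superuser session.

```sql
-- Constructed demo roles; run as a superuser in a scratch database.
CREATE ROLE demo_dbowner LOGIN;
CREATE ROLE demo_appuser LOGIN;
GRANT USAGE, CREATE ON SCHEMA public TO demo_dbowner;
GRANT USAGE ON SCHEMA public TO demo_appuser;

-- Form 1: applies to tables that demo_dbowner creates in schema public.
ALTER DEFAULT PRIVILEGES FOR ROLE demo_dbowner IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO demo_appuser;

-- Form 2: FOR ROLE omitted, so the current role is assumed
-- (here, the superuser running this script).
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON TABLES TO demo_appuser;

-- The catalog keeps one row per (creating role, schema, object type).
SELECT pg_get_userbyid(d.defaclrole) AS creating_role,
       n.nspname                     AS schema_name,
       d.defaclobjtype               AS objtype,  -- 'r' = tables, 'S' = sequences
       d.defaclacl                   AS acl
FROM pg_default_acl d
LEFT JOIN pg_namespace n ON n.oid = d.defaclnamespace
ORDER BY 1, 2, 3;

-- Table created by the current role: only form 2 applies to it.
CREATE TABLE public.demo_made_by_admin (id int);

-- Table created by demo_dbowner: only form 1 applies to it.
SET ROLE demo_dbowner;
CREATE TABLE public.demo_made_by_owner (id int);
RESET ROLE;

-- Compare what demo_appuser actually received on each table.
SELECT has_table_privilege('demo_appuser', 'public.demo_made_by_admin', 'INSERT') AS admin_tbl_insert,
       has_table_privilege('demo_appuser', 'public.demo_made_by_owner', 'INSERT') AS owner_tbl_insert;

-- Cleanup: default ACL entries must be removed before the roles can be dropped.
DROP TABLE public.demo_made_by_admin, public.demo_made_by_owner;
ALTER DEFAULT PRIVILEGES FOR ROLE demo_dbowner IN SCHEMA public
    REVOKE ALL ON TABLES FROM demo_appuser;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    REVOKE ALL ON TABLES FROM demo_appuser;
REVOKE ALL ON SCHEMA public FROM demo_dbowner, demo_appuser;
DROP ROLE demo_dbowner, demo_appuser;
```

When auditing an existing database, the same `pg_default_acl` query (or `\ddp` in psql) shows which creating role each default-privilege entry is attached to.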