Re: grant everything on everything and then revoke

From: Ivan Sergio Borgonovo <mail(at)webthatworks(dot)it>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: grant everything on everything and then revoke
Date: 2009-03-03 17:54:05
Message-ID: 20090303185405.7372c6d9@dawn.webthatworks.it
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Tue, 03 Mar 2009 09:29:17 -0800
John R Pierce <pierce(at)hogranch(dot)com> wrote:

> Ivan Sergio Borgonovo wrote:
> > I'd like to have different users mainly to have a different
> > search schema path.
> > Things may evolve so this is not going to be the only reason to
> > have more than one user.

> > But I'm faced with the problem of granting the same access of the
> > owner of the db to the other users.

> ...

> have the database owned by a 'ROLE and make your users members of
> that ROLE.

This looks really neat for the beginning and it doesn't even look as
an hack ;)
What if I had to differentiate privileges of each user?
Will revoking privileges on each users work?

I didn't understand how

CREATE SCHEMA schemaname AUTHORIZATION username;

AUTHORIZATION really works and maybe it could be another way to
approach the problem.

Thanks to everybody.

Even the pointer to the functions was interesting.
The acl_admin.grant_on_all seems what my initial quest was looking
for, but the ROLE trick seems much more straight forward currently.

--
Ivan Sergio Borgonovo
http://www.webthatworks.it

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Joshua Tolley 2009-03-03 20:39:22 Re: postgreSQL & amazon ec2 cloud
Previous Message Chris Browne 2009-03-03 17:45:15 Re: How to delete all locks? Re: Strange behavior: row won't delete