| From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
|---|---|
| To: | Michael Orlitzky <michael(at)orlitzky(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: State of the art re: group default privileges |
| Date: | 2013-03-20 20:12:49 |
| Message-ID: | 20130320201249.GG3688@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Michael Orlitzky wrote:
> I'm running into this exact situation:
>
> http://www.postgresql.org/message-id/CAG1_KcBFM0e2buUG=o7OjQ_KtadrzDGd45jU7Gke3dUZ0Sz92g@mail.gmail.com
>
> We really need to be able to have a group of developers who can create
> things and modify each others' stuff[1]. Is it still more or less
> impossible?
>
> The workaround that comes to mind is a script to enumerate all
> "developers" and then set the defaults one at a time. This breaks
> however when we add a new developer -- he can't access any of the
> existing stuff.
I don't understand. Why doesn't alice do a "set role dev_user" before
creating the table? Then, the table owner is dev_user, not alice, and
default privileges for dev_user apply. In fact you needn't run ALTER
DEFAULT PRIVILEGES at all, because dev_user will be owner of the
objects, and both alice and bob have that role.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Orlitzky | 2013-03-20 20:24:02 | Re: State of the art re: group default privileges |
| Previous Message | Martín Marqués | 2013-03-20 20:12:44 | Re: Can't terminate hung COPY |