| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Jorge Torralba <jorge(dot)torralba(at)gmail(dot)com>, "[ADMIN]" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Issues with privileges carrying over after alter table owner |
| Date: | 2019-05-04 18:12:13 |
| Message-ID: | 295aef49-f403-5710-2f16-ffc62d6e3742@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On 5/1/19 5:50 PM, Jorge Torralba wrote:
> If I create table "yyy" as a special user with a set of privileges, the
> grantee and gantor data from thopse privs are there.
> If I create table 'xxx' as a different user, then alter the table owner
> the grantor and grantee information is not carried over.
> How can we get all the privileges and grants inherited when a table
> owner is altered ?
That is not the behavior I see:
create table ownertest(id int);
alter table ownertest owner to joe;
grant select on table ownertest to alice;
select * from information_schema.table_privileges where table_name =
'ownertest';
grantor | grantee | table_catalog | table_schema | table_name |
privilege_type | is_grantable | with_hierarchy
---------+---------+---------------+--------------+------------+----------------+--------------+----------------
joe | joe | deepdive | public | ownertest | INSERT
| YES | NO
joe | joe | deepdive | public | ownertest | SELECT
| YES | YES
joe | joe | deepdive | public | ownertest | UPDATE
| YES | NO
joe | joe | deepdive | public | ownertest | DELETE
| YES | NO
joe | joe | deepdive | public | ownertest |
TRUNCATE | YES | NO
joe | joe | deepdive | public | ownertest |
REFERENCES | YES | NO
joe | joe | deepdive | public | ownertest | TRIGGER
| YES | NO
joe | alice | deepdive | public | ownertest | SELECT
| NO | YES
(8 rows)
alter table ownertest owner to mary;
select * from information_schema.table_privileges where table_name =
'ownertest';
grantor | grantee | table_catalog | table_schema | table_name |
privilege_type | is_grantable | with_hierarchy
---------+---------+---------------+--------------+------------+----------------+--------------+----------------
mary | mary | deepdive | public | ownertest | INSERT
| YES | NO
mary | mary | deepdive | public | ownertest | SELECT
| YES | YES
mary | mary | deepdive | public | ownertest | UPDATE
| YES | NO
mary | mary | deepdive | public | ownertest | DELETE
| YES | NO
mary | mary | deepdive | public | ownertest |
TRUNCATE | YES | NO
mary | mary | deepdive | public | ownertest |
REFERENCES | YES | NO
mary | mary | deepdive | public | ownertest | TRIGGER
| YES | NO
mary | alice | deepdive | public | ownertest | SELECT
| NO | YES
(8 rows)
You will need to tell us exactly what version of postgres you are
running and show us precisely what commands are being run (as I have
above - a self contained test case) if you want us to be able to help.
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mariel Cherkassky | 2019-05-05 11:32:46 | old cluster does not use data checksums but the new one does |
| Previous Message | Joe Conway | 2019-05-04 17:56:51 | Re: role/user management |