From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
---|---|
To: | Schmid Andreas <Andreas(dot)Schmid(at)bd(dot)so(dot)ch>, "'pgsql-general(at)lists(dot)postgresql(dot)org'" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: How to allow users to create and modify tables only in their own schemas, but with generic table owner |
Date: | 2020-03-06 15:00:46 |
Message-ID: | 29d4aa524d0f9d88e9a98639a92e12d2cd966630.camel@cybertec.at |
Lists: | pgsql-general |
On Fri, 2020-03-06 at 11:04 +0000, Schmid Andreas wrote:
> I'd like to set up my database in a way that only a superuser may create schemas,
> then grants permission to a specific user to create tables inside this schema.
> This should work so far with GRANT CREATE ON SCHEMA ... TO user_a.
> However I want the table owner not to be the user that creates the tables.
> Instead the owner should rather be a generic role (e.g. table_owner), and the
> owner should be the same over all tables of the whole database. This would work,
> too, if I grant membership in role table_owner to all users that may create tables.
> (The users must issue a SET ROLE table_owner before creating tables.)

Yes, that will work, but you have to SET ROLE before creating the table.

> What I didn't achieve so far is making sure that user_a who created tables in schema_a
> cannot create/modify tables of schema_b that were created by user_b. Do you see any way
> to achieve this, while still sticking to that generic owner role?

No, that is impossible.

But I don't understand the motivation: If you want that, why would you
want a "table_owner" role?

If you don't want user B to be able to drop user A's table, why don't
you have each user be the owner of his tables?

Yours,
Laurenz Albe
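
The setup discussed in this message, as an added example that is not part of the original e-mail: it shows that owner rights follow role membership rather than the schema, then switches to per-user ownership and repeats the audit. Role and schema names come from the thread; the table `t_b`, the audit query and the use of a rolled-back transaction in a scratch database are assumptions of this example.

```sql
-- Constructed demo: run as a superuser in a scratch database (psql).
-- Role and schema names follow the thread; table t_b is hypothetical.
BEGIN;  -- rolled back at the end, so nothing persists

CREATE ROLE table_owner NOLOGIN;
CREATE ROLE user_a;
CREATE ROLE user_b;
GRANT table_owner TO user_a, user_b;
CREATE SCHEMA schema_a;
CREATE SCHEMA schema_b;

-- After SET ROLE, privilege checks run as table_owner, so table_owner
-- itself needs CREATE on every schema its members should create tables in.
GRANT USAGE, CREATE ON SCHEMA schema_a, schema_b TO table_owner;

SET SESSION AUTHORIZATION user_b;
SET ROLE table_owner;
CREATE TABLE schema_b.t_b (id int);   -- owned by table_owner, not user_b
RESET ROLE; RESET SESSION AUTHORIZATION;

SET SESSION AUTHORIZATION user_a;
SET ROLE table_owner;
-- Allowed: user_a is acting as the owning role; ownership is not schema-scoped.
ALTER TABLE schema_b.t_b ADD COLUMN note text;
RESET ROLE; RESET SESSION AUTHORIZATION;

-- Audit: for each table, is user_a a member of the role that owns it?
SELECT schemaname, tablename, tableowner,
       pg_has_role('user_a', tableowner, 'MEMBER') AS user_a_has_owner_rights
FROM pg_tables
WHERE schemaname IN ('schema_a', 'schema_b');

-- Alternative from the reply: each user owns the tables in their own schema.
REVOKE CREATE ON SCHEMA schema_a, schema_b FROM table_owner;
GRANT USAGE, CREATE ON SCHEMA schema_a TO user_a;
GRANT USAGE, CREATE ON SCHEMA schema_b TO user_b;
ALTER TABLE schema_b.t_b OWNER TO user_b;

-- Same audit: user_a is not a member of user_b, the new owner of schema_b.t_b.
SELECT schemaname, tablename, tableowner,
       pg_has_role('user_a', tableowner, 'MEMBER') AS user_a_has_owner_rights
FROM pg_tables
WHERE schemaname IN ('schema_a', 'schema_b');

ROLLBACK;
```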