| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Gauthier, Dave" <dave(dot)gauthier(at)intel(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: alter default privileges problem |
| Date: | 2013-01-03 23:59:37 |
| Message-ID: | 4834.1357257577@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"Gauthier, Dave" <dave(dot)gauthier(at)intel(dot)com> writes:
> create user "select" password 'select';
> create user "insert" password 'insert';
> alter default privileges for user "insert" grant select on tables to "select";
> alter default privileges for user "insert" grant select on sequences to "select";
> alter default privileges for user "insert" grant execute on functions to "select";
> Disconnect. Reconnect as user "insert", then...
> create table foo (a text);
> insert into foo (a) values ('aaa');
> Disconnect. Reconnect as user "select", expecting to be able to select contents of the "foo" table, but fails with "permission denied for relation foo".
Works for me. Maybe you've got some schema search path confusion,
or some such? "\dp foo" in psql might be enlightening, too. What
I see is
regression=> \dp foo
Access privileges
Schema | Name | Type | Access privileges | Column access privileges
--------+------+-------+-----------------------+--------------------------
public | foo | table | select=r/insert +|
| | | insert=arwdDxt/insert |
(1 row)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Patrick Krecker | 2013-01-04 04:18:00 | Re: Curious unnest behavior |
| Previous Message | John Abraham | 2013-01-03 23:31:40 | Unnecessary files that can be deleted/moved in cluster dir? |