| From: | Richard Huxton <dev(at)archonet(dot)com> |
|---|---|
| To: | Darin Perusich <Darin(dot)Perusich(at)ctg(dot)com> |
| Cc: | Richard Broersma <richard(dot)broersma(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: forcing table ownership |
| Date: | 2011-09-16 13:53:54 |
| Message-ID: | 4E7354F2.3010806@archonet.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 16/09/11 14:13, Darin Perusich wrote:
>
> Altering the table owner by setting it to the group role effectively
> denies permission to all users of the group. Unless they explicitly "SET
> role grp1" that is.
I've already got a user "richardh"
As a superuser:
CREATE GROUP mygroup INHERIT;
GRANT mygroup TO richardh;
CREATE TABLE shared_table (i int);
As richardh:
ALTER TABLE shared_table ADD COLUMN t text;
ERROR: must be owner of relation shared_table
As superuser:
ALTER TABLE shared_table OWNER TO mygroup;
As richardh:
ALTER TABLE shared_table ADD COLUMN t text;
ALTER TABLE
I think the key bit you're missing is the "INHERIT" on the group. Also
note that the CREATE USER/CREATE GROUP commands actually just run CREATE
ROLE under the hood.
--
Richard Huxton
Archonet Ltd
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc Mamin | 2011-09-16 14:01:41 | Re: What do you like to get ? |
| Previous Message | Josh Kupershmidt | 2011-09-16 13:46:05 | Re: What do you like to get ? |