| From: | Erik Wienhold <ewie(at)ewie(dot)name> |
|---|---|
| To: | Dominique Devienne <ddevienne(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Hellen Jiang <hjiang(at)federatedwireless(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Read only user permission |
| Date: | 2023-08-24 09:34:32 |
| Message-ID: | 924297640.391660.1692869672732@office.mailbox.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> On 24/08/2023 10:11 CEST Dominique Devienne <ddevienne(at)gmail(dot)com> wrote:
>
> On Wed, Aug 23, 2023 at 7:46 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >
> > The readwrite user (not the admin) would need to issue ALTER DEFAULT
> > PRIVILEGES granting that.
>
> Hi. I'm confused Tom. Why should it matter who created the new tables?
>
> I'm also using DEFAULT PRIVILEGES, for the very reason they dynamically
> extend to newly created objects in the schema.
> And I don't remember reading anything like what you imply. Could you please
> pinpoint in the doc where this would be explained?
>
> DEFAULT PRIVILEGES only apply to DDLs made by the role who did the GRANT'ing?
>
> In my case, the schema owner does both the granting and DDLs, so I guess I'll
> be OK.
> I just want to make sure I understand the situation better. Thanks, --DD
This is implied by:
"You can change default privileges only for objects that will be
created by yourself or by roles that you are a member of."
--
Erik
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dominique Devienne | 2023-08-24 09:44:28 | Re: Read only user permission |
| Previous Message | Dominique Devienne | 2023-08-24 08:11:26 | Re: Read only user permission |