| From: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | "etienne(dot)champetier(at)free(dot)fr *EXTERN*" <etienne(dot)champetier(at)free(dot)fr> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Reset permissions on table |
| Date: | 2013-02-15 13:21:58 |
| Message-ID: | A737B7A37273E048B164557ADEF4A58B057B3C58@ntex2010a.host.magwien.gv.at |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
etienne champetier wrote:
>>> By default there is no permissions on table (\dp return 0 row)
>>> If I make a GRANT, doing a REVOKE will not get me in the 'default'
>>> state
>>>
>>> How to return in the default state, where permission are
>>> 'inherited' from owner.
>>
>> \dp should return a row for each table in
>> your search_path.
>
> Sorry, i meant \dp <table-name> and it effectively return 1 row per table (mistype ...)
>
>> I assume that you are referring to the empty
>> "Access privileges" column.
>>
>> After granting and revoking a privilege, the value
>> showd be "owner=arwdDxt/owner" (where "owner" is
>> the user that owns the table).
>>
>> This is the default value: the owner has all
>> privileges and nobody else has any.
>>
>> It does not matter if the ACL is left empty
>> (it contains a NULL value initially) or if
>> it contains the default explicitly.
>
> If i do a GRANT and a REVOKE, i loose access to the table.
> \dp <table-name> return the same thing but before GRANT it's NULL and after REVOKE it's not.
>
> It matter when you want to change owner and you forgot this table where there is explicit right.
I don't understand - it seems to work for me:
CREATE TABLE test(id integer PRIMARY KEY);
\dp test
Access privileges
Schema | Name | Type | Access privileges | Column access privileges
---------+------+-------+-------------------+--------------------------
laurenz | test | table | |
(1 row)
REVOKE SELECT ON test FROM georg;
\dp test
Access privileges
Schema | Name | Type | Access privileges | Column access privileges
---------+------+-------+-------------------------+--------------------------
laurenz | test | table | laurenz=arwdDxt/laurenz |
(1 row)
These are the default privileges.
ALTER TABLE test OWNER TO georg;
\dp test
Access privileges
Schema | Name | Type | Access privileges | Column access privileges
---------+------+-------+---------------------+--------------------------
laurenz | test | table | georg=arwdDxt/georg |
(1 row)
The table still has the default privileges,
but now it belongs to "georg".
Maybe you can illustrate your problem with an example.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jan Strube | 2013-02-15 13:50:10 | Re: Query becomes slow when written as view |
| Previous Message | etienne.champetier | 2013-02-15 13:02:31 | Re: Reset permissions on table |