| From: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | "'Durumdara *EXTERN*'" <durumdara(at)gmail(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Restricted access on DataBases |
| Date: | 2016-10-04 10:57:03 |
| Message-ID: | A737B7A37273E048B164557ADEF4A58B538BDA44@ntex2010i.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Durumdara wrote:
[...]
> --- login with postgres:
[...]
> ALTER DEFAULT PRIVILEGES
> GRANT INSERT, SELECT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER ON TABLES
> TO u_tr_db;
>
> ---- login with u_tr_main:
>
> create table t_canyouseeme_1 (k int);
>
> ---- login with u_tr_db:
>
> select * from t_canyouseeme_1;
>
> ERROR: permission denied for relation t_canyouseeme_1
> SQL state: 42501
>
> As you see before, u_tr_db got all default privileges on future tables, so I don't understand why he
> don't get to "t_canyouseeme_1".
You should have written
ALTER DEFAULT PRIVILEGES FOR ROLE u_tr_main ...
The way you did it, you effectively wrote "FOR ROLE postgres" because
you were connected as that user.
Than means that all future tables created *by postgres* will have
privileges for user "u_tr_db" added. But you want tables created
*by u_tr_main* to get the privileges.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Charles Clavadetscher | 2016-10-04 11:04:35 | Re: Restricted access on DataBases |
| Previous Message | Benedikt Grundmann | 2016-10-04 09:25:36 | Re: Problems with pg_upgrade after change of unix user running db. |