From: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
---|---|
To: | "'Osahon Oduware *EXTERN*'" <oduwareosahon(at)gmail(dot)com>, "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: QGIS Seem To Bypass PostgreSQL/PostGIS User Privileges/Permissions |
Date: | 2017-03-20 12:55:13 |
Message-ID: | A737B7A37273E048B164557ADEF4A58B53A0F634@ntex2010i.host.magwien.gv.at |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Osahon Oduware wrote:
> I created a "Read-only" User in PostgreSQL via a Role with "SELECT" ONLY privilege on all
> tables in a schema as shown below:
>
> GRANT SELECT ON ALL TABLES IN SCHEMA [schema_name] TO [role_name]
> GRANT [role_name] TO [user_name]
>
> Next, I test this by trying to UPDATE a column in a table (same schema as above) with
> pgAdmin/psql and this works fine by giving a response that the user has no permission -
> 'ERROR: permission denied for relation <table_name>.'
>
> Next, I connect with the same user in QGIS and add a layer from the same table (same
> schema as above). I open the attribute table for the layer, turn on editing mode (by
> clicking on the pencil-like icon), and edit the same field/column above. To my surprise,
> the edit was saved successfully without any permission error prompt.
>
> Next, I check the value of the field/column (same table/schema as above) in pgAdmin/psql
> and it is having the new (edited) value from QGIS. This is rather strange as it seems QGIS
> is bypassing the permissions set for the same user in the PostgreSQL/PostGIS database.
The most likely explanation is that the QGIS application connects with
A database user different from [user_name].
Set "log_statement = 'all'" in postgresql.conf, reload and the database
modifications will be logged. With an appropriate setting for "log_line_prefix"
you will be able to see which database user performs the operation.
Yours,
Laurenz Albe
From | Date | Subject | |
---|---|---|---|
Next Message | jasoninmel | 2017-03-21 03:36:29 | Re: Postgres - Replication |
Previous Message | Alvaro Aguayo Garcia-Rada | 2017-03-18 16:54:35 | Re: Postgres - Replication |