| From: | Samuel Nelson <valczir(dot)darkvein(at)gmail(dot)com> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Partition Creation Permissions |
| Date: | 2021-02-04 23:00:22 |
| Message-ID: | CAC7xaNeDdvJhwjNVaMJF3e87zy5C8qkuqE7fhf1V+8Ss3w0rDA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Ah, I didn't realize that was an option on the function. They're already
being created by a trigger (the table is partitioned on a foreign key, so
partitions are created by a trigger on the referenced table); it sounds
like I can just update that trigger function with `security definer`.
-Sam
https://git.sr.ht/~nelsam
https://github.com/nelsam
"As an adolescent I aspired to lasting fame, I craved factual certainty, and
I thirsted for a meaningful vision of human life -- so I became a scientist.
This is like becoming an archbishop so you can meet girls."
-- Matt Cartmill
On Thu, Feb 4, 2021 at 4:42 PM David G. Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>
wrote:
> On Thu, Feb 4, 2021 at 3:39 PM Samuel Nelson <valczir(dot)darkvein(at)gmail(dot)com>
> wrote:
>
>> I've been trying to restrict permissions of some users in our system and
>> noticed that `create table foo partition of bar for values from (x) to (y)`
>> complains that I must be the owner of the table. Is there another GRANT I
>> can give to my user to allow creation and dropping of partitions without
>> allowing them to drop the parent table?
>>
>
>
> I doubt it...might want to consider writing a security definer function
> that you can give them permission to run instead of having them do things
> directly.
>
> David J.
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ian Lawrence Barwick | 2021-02-04 23:42:56 | Re: Unable To Drop Tablespace |
| Previous Message | David G. Johnston | 2021-02-04 22:42:21 | Re: Partition Creation Permissions |