From: | sud <suds1434(at)gmail(dot)com> |
---|---|
To: | pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Grants and privileges issue |
Date: | 2024-03-28 21:10:09 |
Message-ID: | CAD=mzVWqq9jQZQQUrO4rtZ-ihPsVCUMV2qWBzZgvWm=6CqxJeg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hi, It's postgres 15.4.
We want to give required privilege to certain users or roles and ensure to
not to provide any elevated privilege. I have below questions,
1)I am seeing in many places, we have "usage on schema" privilege given.
along with "grant select on <object_name> to <role1>" for the objects of
the schema (something as below). So I wanted to understand, what exact
privilege "grant usage on schema <schema1> to <role1>" will provide which
the "select on" privilege won't?
grant usage on schema <schema1> to <role1>;
grant select on schema1.tab1 to <role1>;
2)Additionally , when we are trying to give select privilege on "cron" and
"partman" schema to a role (something as below) , so that anybody logging
through that role would be able to see/fetch the data from the tables
inside cron and partman schema. its giving output '*no privileges were
granted for cron/partman/part_config*' message. And during accessing that
object from the cron/partman schema through that role, it errors out with
an access denied message. So I wanted to understand the cause of this and
how we should fix it , such that anybody logging in through that role can
see/fetch the data from the cron and partman schema tables.
grant select on cron.job to <role1>;
grant select on cron.job_run_details to <role1>;
grant select on partman.part_config to <role1>;
Regards
Sud
From | Date | Subject | |
---|---|---|---|
Next Message | Adrian Klaver | 2024-03-28 21:13:49 | Re: Grants and privileges issue |
Previous Message | Bruce Momjian | 2024-03-28 20:36:49 | Re: Inquiry on Participating in the Korean Translation Project for PostgreSQL Documentation |