Re: Restricted access on DataBases

From: Durumdara <durumdara(at)gmail(dot)com>
To:
Cc: "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: Restricted access on DataBases
Date: 2016-10-04 11:52:38
Message-ID: CAEcMXhk6r=8hio_ZQ025crPz1Z0+UB8PSm21CCptLCDY9eOQwA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Oooooooooooooh, WTF (Word Trade Fenster)! :-o

PGAdmin did that!

There are subdialog for Default Privileges, with Tables, and with ONLY ONE
ROLE. This role is used after "TO". But nowhere role is used after "FOR"...

Hmmmmmmmmmmmmm....

Thank you!

2016-10-04 12:57 GMT+02:00 Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>:

> Durumdara wrote:
> [...]
> > --- login with postgres:
> [...]
> > ALTER DEFAULT PRIVILEGES
> > GRANT INSERT, SELECT, UPDATE, DELETE, TRUNCATE, REFERENCES,
> TRIGGER ON TABLES
> > TO u_tr_db;
> >
> > ---- login with u_tr_main:
> >
> > create table t_canyouseeme_1 (k int);
> >
> > ---- login with u_tr_db:
> >
> > select * from t_canyouseeme_1;
> >
> > ERROR: permission denied for relation t_canyouseeme_1
> > SQL state: 42501
> >
> > As you see before, u_tr_db got all default privileges on future tables,
> so I don't understand why he
> > don't get to "t_canyouseeme_1".
>
> You should have written
>
> ALTER DEFAULT PRIVILEGES FOR ROLE u_tr_main ...
>
> The way you did it, you effectively wrote "FOR ROLE postgres" because
> you were connected as that user.
>
> Than means that all future tables created *by postgres* will have
> privileges for user "u_tr_db" added. But you want tables created
> *by u_tr_main* to get the privileges.
>
> Yours,
> Laurenz Albe
>

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Edson Richter 2016-10-04 12:31:03 Re: Installing pgAdmin 4 in Oracle Enterprise Linux 7
Previous Message Charles Clavadetscher 2016-10-04 11:04:35 Re: Restricted access on DataBases