Re: Read only user permission

From: Dominique Devienne <ddevienne(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Hellen Jiang <hjiang(at)federatedwireless(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Read only user permission
Date: 2023-08-24 08:11:26
Message-ID: CAFCRh-8Cf=7BLg5=Bck89sbhYw9vmiHnSsntxpKFR3mS-2ynfw@mail.gmail.com
Lists: pgsql-general

On Wed, Aug 23, 2023 at 7:46 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Hellen Jiang <hjiang(at)federatedwireless(dot)com> writes:
> > I have created readonly and readwrite roles with the following grants:
> > however, readonly user does not have access to the new tables created by
> > readwrite user. (readonly user has the access to new tables created by
> > admin).
> > Any idea how I can grant the access to readonly to make sure it has the
> > read access to NEW tables created by readwrite user?
>
> The readwrite user (not the admin) would need to issue ALTER DEFAULT
> PRIVILEGES granting that.
>

Hi. I'm confused, Tom. Why should it matter who created the new tables?

I'm also using DEFAULT PRIVILEGES, for the very reason they dynamically
extend to newly created objects in the schema.
And I don't remember reading anything like what you imply. Could you please
pinpoint in the doc where this would be explained?

DEFAULT PRIVILEGES only apply to DDLs made by the role who did the
GRANT'ing?

In my case, the schema owner does both the granting and DDLs, so I guess
I'll be OK.
I just want to make sure I understand the situation better. Thanks, --DD
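
An added example, not part of the original message or of PostgreSQL's own documentation, showing the behaviour described in the quoted reply: `ALTER DEFAULT PRIVILEGES` entries are stored per creating role, so an entry made by one role does not cover tables created by another. The role names come from the thread; the schema `app` and the table names are assumptions, and the script is meant to be run as a superuser in a scratch database.

```sql
-- Constructed setup: three roles and one shared schema (names are illustrative).
CREATE ROLE admin;
CREATE ROLE readwrite;
CREATE ROLE readonly;
CREATE SCHEMA app AUTHORIZATION admin;
GRANT USAGE ON SCHEMA app TO readonly;
GRANT USAGE, CREATE ON SCHEMA app TO readwrite;

-- admin sets default privileges without FOR ROLE, so the entry is recorded
-- for admin only and applies to tables that admin creates from now on.
SET ROLE admin;
ALTER DEFAULT PRIVILEGES IN SCHEMA app GRANT SELECT ON TABLES TO readonly;
CREATE TABLE app.by_admin (id int);
RESET ROLE;

-- readwrite creates a table; no default-privilege entry exists for readwrite yet.
SET ROLE readwrite;
CREATE TABLE app.by_readwrite (id int);
RESET ROLE;

-- Compare what readonly can read on each table.
SELECT has_table_privilege('readonly', 'app.by_admin', 'SELECT')     AS can_read_admin_table,
       has_table_privilege('readonly', 'app.by_readwrite', 'SELECT') AS can_read_readwrite_table;

-- Add an entry for tables created by readwrite. readwrite can run this itself
-- without FOR ROLE; a superuser or a member of readwrite uses FOR ROLE.
ALTER DEFAULT PRIVILEGES FOR ROLE readwrite IN SCHEMA app
    GRANT SELECT ON TABLES TO readonly;

-- Default privileges only affect objects created afterwards, so the table
-- that already exists needs an explicit grant.
GRANT SELECT ON app.by_readwrite TO readonly;

-- Audit: one row per (creating role, schema, object type).
SELECT pg_get_userbyid(defaclrole)    AS creating_role,
       defaclnamespace::regnamespace  AS schema_name,
       defaclobjtype,
       defaclacl
FROM pg_default_acl
ORDER BY 1, 2;
```

The final query is a quick way to review which creating roles have default-privilege entries when checking that a read-only role sees exactly the tables it should.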
