| From: | Osahon Oduware <oduwareosahon(at)gmail(dot)com> |
|---|---|
| To: | "HEARNE, TIMOTHY S" <th1618(at)att(dot)com> |
| Cc: | "pgadmin-support(at)postgresql(dot)org" <pgadmin-support(at)postgresql(dot)org> |
| Subject: | Re: QGIS Seem To Bypass PostgreSQL/PostGIS User Privileges/Permissions |
| Date: | 2017-03-17 15:09:58 |
| Message-ID: | CAFmwTojwZstxRmNqkiGy_j3a3eFb2ePHbkaf23VXBMh-=GiGyg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-support |
The role was created as shown below:
CREATE ROLE <role_name> WITH NOLOGIN NOSUPERUSER INHERIT NOCREATEDB
NOCREATEROLE NOREPLICATION;
On Fri, Mar 17, 2017 at 3:56 PM, HEARNE, TIMOTHY S <th1618(at)att(dot)com> wrote:
> Did you create the user with SUPERUSER or some other elevated privilege?
> Since you did not include the script for the user, it is hard to determine
> the exact root cause.
>
> If you have any questions, please feel free to contact me.
>
> *Tim Hearne*
> CAST / Flex Force Application DBA
> Principal DBA
>
> Centralized Development
> AT&T Services, Inc.
> e-mail: timothy(dot)hearne(at)att(dot)com
> http://intranet.att.com/its/cdtworx/content.cfm/home/
>
> Agile Bronze Certified
>
> AT&T CAST team mailbox: g01494(at)att(dot)com
>
> PROPRIETARY INFORMATION
> The Information contained herein is for use only by authorized employees
> of AT&T, and authorized
>
> Affiliates of AT&T, and is not for general distribution within or outside
> the respective companies
>
>
>
> *From:* pgadmin-support-owner(at)postgresql(dot)org [mailto:
> pgadmin-support-owner(at)postgresql(dot)org] *On Behalf Of *Osahon Oduware
> *Sent:* Friday, March 17, 2017 7:46 AM
> *To:* pgadmin-support(at)postgresql(dot)org
> *Subject:* [pgadmin-support] QGIS Seem To Bypass PostgreSQL/PostGIS User
> Privileges/Permissions
>
>
>
> Hi All,
>
>
>
> I created a "Read-only" User in PostgreSQL via a Role with "SELECT" ONLY
> privilege on all tables in a schema as shown below:
>
>
>
> GRANT SELECT ON ALL TABLES IN SCHEMA [schema_name] TO [role_name]
>
> GRANT [role_name] TO [user_name]
>
>
>
> Next, I test this by trying to UPDATE a column in a table (same schema as
> above) with pgAdmin/psql and this works fine by giving a response that the
> user has no permission - 'ERROR: permission denied for relation
> <table_name>.'
>
>
>
> Next, I connect with the same user in QGIS and add a layer from the same
> table (same schema as above). I open the attribute table for the layer,
> turn on editing mode (by clicking on the pencil-like icon), and edit the
> same field/column above. To my surprise, the edit was saved successfully
> without any permission error prompt.
>
>
>
> Next, I check the value of the field/column (same table/schema as above)
> in pgAdmin/psql and it is having the new (edited) value from QGIS. This is
> rather strange as it seems QGIS is bypassing the permissions set for the
> same user in the PostgreSQL/PostGIS database.
>
>
>
> I will be glad if someone can help me unravel this mystery.
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Osahon Oduware | 2017-03-17 15:17:47 | Re: QGIS Seem To Bypass PostgreSQL/PostGIS User Privileges/Permissions |
| Previous Message | Osahon Oduware | 2017-03-17 15:09:17 | Re: QGIS Seem To Bypass PostgreSQL/PostGIS User Privileges/Permissions |