From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | Edwin UY <edwin(dot)uy(at)gmail(dot)com> |
Cc: | "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org> |
Subject: | Re: ERROR: must be owner of table - ALTER TABLE |
Date: | 2024-05-18 14:47:16 |
Message-ID: | CAKFQuwYmypOZNCnMn2s=tWZo9E4mvcY0=TtC3UsV4rfu0-rhWA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
On Saturday, May 18, 2024, Edwin UY <edwin(dot)uy(at)gmail(dot)com> wrote:
> Hi
>
> Is there no other option to grant a user ALTER TABLE privilege except
> doing the grant <owner> to <user>/<role> :-)
>
> I can understand it is not really ideal to grant access for the user to do
> ALTER TABLE, this is mainly for the TEST environment while the developers
> are doing their testing.
> For Qual and PROD, it will be restricted to either the owner or users with
> superuser privileges.
>
> Any advice is much appreciated. Thanks in advance.
>
>
>
Users, i.e., roles with login attribute, should not be given direct
ownership. Group roles should be given ownership. Then in each database
the users can be added as members of those group roles, or not, as needed.
Or, on a developer’s machine where they are actually writing code, they
just get superuser. But for all other environments they stash the alter
commands they need into the schema migration tool scripts in the VCS and
the schema migration tool logs on using a role granted member in the owning
role and runs the scripts.
David H.
From | Date | Subject | |
---|---|---|---|
Next Message | Ron Johnson | 2024-05-18 15:05:36 | Re: PITR |
Previous Message | Ron Johnson | 2024-05-18 10:45:25 | Re: ERROR: must be owner of table - ALTER TABLE |