From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | Guillaume Lelarge <guillaume(at)lelarge(dot)info> |
Cc: | etienne(dot)decherf-ext(at)aphp(dot)fr, pgsql-sql <pgsql-sql(at)lists(dot)postgresql(dot)org> |
Subject: | Re: multiple roles for a user ? |
Date: | 2018-11-05 15:08:45 |
Message-ID: | CAKFQuwbiFuVbAti8udw+O1O-WHiHnBJD=Fkj-79WKpCqRdrb0w@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-sql |
On Mon, Nov 5, 2018 at 6:25 AM Guillaume Lelarge <guillaume(at)lelarge(dot)info> wrote:
>
> Le lun. 5 nov. 2018 à 12:15, DECHERF Étienne <etienne(dot)decherf-ext(at)aphp(dot)fr> a écrit :
>>
>> 2. plus a role "Role_user" particular for each of them for its additional personal access
>>
>> with "grants" and "revokes" on other tables and columns.
>> Yes, though you can only grant privileges this way. Not revoke some.
Phrased differently, "REVOKE" removes a previously GRANT'd permission;
it does not setup a "denial of permission". The permission system in
PostgreSQL is purely additive - roles start with zero permissions are
strictly granted the ability to do things. You have to revoke
permissions where they are granted originally when inheritance is in
play.
David J.
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Gierth | 2018-11-05 17:51:19 | Re: Regular Expressions |
Previous Message | Guillaume Lelarge | 2018-11-05 13:25:12 | Re: multiple roles for a user ? |