| From: | Chris Angelico <rosuav(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Question about permissions on database. |
| Date: | 2012-09-22 23:22:11 |
| Message-ID: | CAPTjJmrCbMw6BFJMfp6Q3swDUGhC-6F6cMa75QcH90p-5yZD7g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Sun, Sep 23, 2012 at 6:47 AM, Ryan Kelly <rpkelly22(at)gmail(dot)com> wrote:
> On Sat, Sep 22, 2012 at 11:35:00PM +0300, Condor wrote:
>> Hello,
>> I wanna ask: is there a short way to giver permission to one user to
>> select/insert (all privileges) on whole database ?
>> Im create a user and try to give him all permission on existing
>> database, but when I try to select always got:
>> ERROR: permission denied for relation table_name
> You don't want to GRANT on the database. That doesn't do what you think
> it does. You, however, can do:
>
> GRANT ALL ON ALL TABLES IN SCHEMA public TO your_user;
>
> This is generally a bad idea.
>
> You can alternatively make the user a super user:
>
> ALTER ROLE your_user WITH SUPERUSER;
>
> But this is an even worse idea.
I have a similar situation; I want to have a userid for doing the
regular backups, which therefore (for pg_dump) needs SELECT privilege
on all tables. Is:
GRANT SELECT ON ALL TABLES IN SCHEMA public TO backup_userid;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO backup_userid;
the right way to do this? (Obviously I need to also do this for every
other schema I use.)
Alternatively, is there some better way to do backups? I'd rather not
snapshot the entire data directory; we burn to disc, so a larger
backup requires more media and slower backup/restore process.
ChrisA
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Craig Ringer | 2012-09-23 00:33:56 | Re: Question about permissions on database. |
| Previous Message | David Johnston | 2012-09-22 20:55:21 | Re: Question about permissions on database. |