| From: | Evgeny Duzhakow <diabolo(at)philol(dot)msu(dot)ru> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: create table permissions bug for 7.3.2 |
| Date: | 2003-03-13 08:38:14 |
| Message-ID: | Pine.LNX.4.20.0303131056050.24659-100000@zeus.philol.msu.ru |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Thu, 13 Mar 2003, Tom Lane wrote:
TL>regression=# create user z;
TL>CREATE USER
TL>regression=# create schema s;
TL>CREATE SCHEMA
TL>regression=# \c - z
TL>You are now connected as new user z.
TL>regression=> create table s.t (f1 int);
TL>ERROR: s: permission denied
TL>regression=>
TL>I'm not seeing the problem. Please provide a test case showing that
TL>there's a bug here.
TL>
TL>Your patch is wrong in any case, I think, since CREATE rights on a
TL>database control the right to create schemas, not individual tables
TL>within schemas ...
Ok, i have a database 'testtables' and some user like 'fake' enabled to
connect via pg_hba.conf
--- cut ---
local testtables fake trust
--- cut ---
All my tables in db are created in the schema public (i don't have
opportunity to correct 500 scripts on an insert there concept of
schemas).
testtables=# \d
List of relations
Schema | Name | Type | Owner
--------+--------+-------+---------
public | lalala | table | diabolo
It is necessary for me, that the user fake only could read tables of a
database and create temp tables for his work, but could not create other
objects.
I have grant permissions on testtables
testtables=# select datname,datacl from pg_database where datname='testtables';
datname | datacl
------------+----------------
testtables | {=,diabolo=CT}
Now i grant 'fake' for creating only temp tables on my db;
testtables=# GRANT TEMP ON DATABASE testtables TO fake;
GRANT
testtables=# select datname,datacl from pg_database where datname='testtables';
datname | datacl
------------+-----------------------
testtables | {=,diabolo=CT,fake=T}
Now connect and try to create the table:
testtables=# \c - fake
You are now connected as new user fake.
testtables=> create table qq(i int);
CREATE TABLE
testtables=> \d
List of relations
Schema | Name | Type | Owner
--------+--------+-------+---------
public | lalala | table | diabolo
public | qq | table | fake
But the basic problem that I have public bases in which it is necessary for
me too most. And it bug for me as without an opportunity of work with grants
at a level of base I receive dust in the bases from users.
Diabolo.
P.S. Sorry for my bad english :(
--- ---
System Administrator of Phone: +7-095-939-1478
the Philological Faculty of E-Mail: diabolo(at)philol(dot)msu(dot)ru
Moscow State University. Web: http://www.philol.msu.ru
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Koshelev | 2003-03-13 09:20:11 | Optimizer bug in subselect/view |
| Previous Message | Tom Lane | 2003-03-13 05:55:30 | Re: create table permissions bug for 7.3.2 |