Skip site navigation (1) Skip section navigation (2)

Re: What user privileges do I need to CREATE FUNCTION's?

From: km4hr <km4hr(at)netscape(dot)net>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: What user privileges do I need to CREATE FUNCTION's?
Date: 2007-07-18 15:09:12
Message-ID: 11670425.post@talk.nabble.com (view raw or flat)
Thread:
Lists: pgsql-admin
Please disregard my last post about creating a schema. I found the answer.
You have to be connected to a database to create a schema in that database.



km4hr wrote:
> 
> Thanks Milen. Assigning superuser role worked. 
> 
> Speaking of schema's, I logged in as user "postgres" and created a schema
> called "schema1" as follows:
> CREATE SCHEMA schema1 AUTHORIZATION newuser;
> 
> I then typed "\dn" and saw "schema1" in the list.
> 
> I then logged in as "newuser" and typed "\dn". "schema1" was not in the
> list! Why not?
> I then created a table. Next I entered: "select * from schema1.newtable".
> An error message
> indicated that "schema1" doesn't exist. How do I make "newuser" aware of
> his new schema?
> 
> thanks
> 
>  
> 
> Milen A. Radev-2 wrote:
>> 
>> km4hr написа:
>>> I'm installing an application that provides a ".sql" script to create
>>> tables
>>> and other objects in a postgresql database. When I run the script as
>>> user
>>> "postgres" the script executes without errors. But then all the tables
>>> and
>>> other objects are owned by "postgres". A user that I created to access
>>> the
>>> tables, "newuser",  doesn't have privileges needed to use them. 
>>> 
>>> If I login as "newuser" and execute the install script, I get errors
>>> indicating "newuser" doesn't have privileges to CREATE FUNCTION's . 
>>> 
>>> How should I execute the install script so that all the objects are
>>> owned by
>>> "newuser" and the FUNCTIONS are created?
>> 
>> You need to create all DB objects with one preferably administrative
>> role and then GRANT only some privileges to other, everyday roles.
>> Something like (assuming those are run as a administrator):
>> 
>> CREATE TABLE example_table (
>>    id integer PRIMARY KEY,
>>    ...
>> );
>> 
>> REVOKE ALL PRIVILEGES ON TABLE example_table FROM PUBLIC;
>> GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE example_table TO newuser;
>> 
>> REVOKE ALL PRIVILEGES ON SEQUENCE example_table_id_seq FROM PUBLIC;
>> GRANT USAGE ON SEQUENCE example_table_id_seq TO newuser;
>> 
>> 
>> CREATE FUNCTION example_func(...) RETURNS ... AS $$
>>    ...
>> $$ LANGUAGE SQL;
>> 
>> REVOKE ALL PRIVILEGES ON FUNCTION example_func FROM PUBLIC;
>> GRANT EXECUTE ON FUNCTION example_func TO newuser;
>> 
>> 
>> 
>> Or you could change the owner of the newly created DB object:
>> 
>> ALTER TABLE example_table OWNER TO newuser;
>> ALTER FUNCTION example_func(...) OWNER TO newuser;
>> 
>> 
>> This way the new owner has all the privileges on that object. Of
>> course I prefer the first method of dealing with the needed privileges.
>> 
>> 
>>> What privileges does "newuser" need to create functions?  I can't find
>>> that
>>> described in the postgres manual?
>> 
>> I suppose the role should be the owner of the schema or a superuser.
>> 
>> 
>> -- 
>> Milen A. Radev
>> 
>> 
>> ---------------------------(end of broadcast)---------------------------
>> TIP 5: don't forget to increase your free space map settings
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/What-user-privileges-do-I-need-to-CREATE-FUNCTION%27s--tf4099063.html#a11670425
Sent from the PostgreSQL - admin mailing list archive at Nabble.com.


In response to

pgsql-admin by date

Next:From: PostgreSQL AdminDate: 2007-07-18 16:46:03
Subject: pgmemcache
Previous:From: Alvaro HerreraDate: 2007-07-18 15:05:01
Subject: Re: syslog: log line length?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group