Kasia Tuszynska <ktuszynska(at)esri(dot)com> writes:
> I am having issues with privilege inheritance to a login role through a group role.
> These are the steps I am performing:
> 1. data: stcities belongs to user gdb, it resides in the gdb schema
> 2. map user is a login role:
> CREATE ROLE map LOGIN
> ENCRYPTED PASSWORD 'md59ec9dda576db2a36c42c1c3af155d07c'
> NOSUPERUSER NOINHERIT CREATEDB NOCREATEROLE;
> 1. editor role is created, and privileges to the data are granted to it:
> CREATE ROLE editor NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
> GRANT select on gdb.stcities TO editor;
> 1. user map is made a member of the editor role:
> GRANT editor TO map;
> Now, theoretically, I am expecting the map role to be able to inherit the select privileges via the editor group role to the gdb.stcities data.
You've got the INHERIT bit backwards: you'd have to apply INHERIT to
map, not editor, to have editor's privileges automatically work for map.
If there's some identifiable bit of the documentation that confused you
about this, please point it out so we can improve it.
regards, tom lane
In response to
pgsql-admin by date
|Next:||From: Alvaro Herrera||Date: 2009-04-01 11:56:45|
|Subject: Re: privilege inheritance to a login role through a grouprole|
|Previous:||From: Tom Lane||Date: 2009-03-31 23:34:47|
|Subject: Re: backup question |