privilege inheritance to a login role through a group role

From: Kasia Tuszynska <ktuszynska(at)esri(dot)com>
To: "'pgsql-admin(at)postgresql(dot)org'" <'pgsql-admin(at)postgresql(dot)org'>
Subject: privilege inheritance to a login role through a group role
Date: 2009-03-31 23:33:53
Message-ID: 232B5217AD58584C87019E8933556D11011F00862C@redmx2.esri.com
Lists: pgsql-admin

Hello Everyone.
I am having issues with privilege inheritance to a login role through a group role.

These are the steps I am performing:

1. data: stcities belongs to user gdb, it resides in the gdb schema
2. map user is a login role:
CREATE ROLE map LOGIN
ENCRYPTED PASSWORD 'md59ec9dda576db2a36c42c1c3af155d07c'
NOSUPERUSER NOINHERIT CREATEDB NOCREATEROLE;

3. editor role is created, and privileges to the data are granted to it:
CREATE ROLE editor NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
GRANT select on gdb.stcities TO editor;

4. user map is made a member of the editor role:
GRANT editor TO map;

Now, theoretically, I am expecting the map role to be able to inherit the select privileges via the editor group role to the gdb.stcities data.

But that is not the case. When I make a connection to pgAdminIII as the map user, I receive the following message:

An error has occurred:
Error: permission denied for relation stcities

So, map is not inheriting the privs from the role.

-editor group has privs on the data: gdb=arwdxt/gdb,editor=r/gdb
-Selecting from pg_auth_members tells me that role map is part of group editor

So, why is map not inheriting the privs granted to the editor role? Am I missing a step?

Thanks in advance,
Sincerely,
Kasia
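
The setup described in the message above, rebuilt as an added diagnostic example that is not part of the original post: it shows how the member role's INHERIT attribute decides whether a group role's privileges apply automatically. Assumptions: a scratch database and a superuser session, constructed table columns, the password clause omitted, and a schema USAGE grant the post does not mention.

```sql
-- Added example, not from the original post. Run as a superuser in a scratch database.
-- Table columns are constructed; the schema USAGE grant is an assumption.
CREATE SCHEMA gdb;
CREATE TABLE gdb.stcities (id integer, name text);

CREATE ROLE map LOGIN NOSUPERUSER NOINHERIT CREATEDB NOCREATEROLE;
CREATE ROLE editor NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
GRANT USAGE ON SCHEMA gdb TO editor;
GRANT SELECT ON gdb.stcities TO editor;
GRANT editor TO map;

-- The inherit attribute that matters is the member's (map), not the group's (editor).
SELECT rolname, rolinherit
FROM pg_roles
WHERE rolname IN ('map', 'editor');

-- MEMBER: map belongs to editor. USAGE: editor's privileges apply without SET ROLE.
SELECT pg_has_role('map', 'editor', 'MEMBER')               AS is_member,
       pg_has_role('map', 'editor', 'USAGE')                AS privileges_active,
       has_table_privilege('map', 'gdb.stcities', 'SELECT') AS can_select;
-- With map created NOINHERIT: is_member = t, privileges_active = f, can_select = f

-- Option 1: keep NOINHERIT and switch to the group role explicitly in the session.
SET SESSION AUTHORIZATION map;
SET ROLE editor;
SELECT count(*) FROM gdb.stcities;   -- allowed while acting as editor
RESET ROLE;
RESET SESSION AUTHORIZATION;

-- Option 2: make map inherit the privileges of the roles it belongs to.
-- On PostgreSQL 16 and later the inherit flag is recorded per membership at
-- GRANT time, so there use: GRANT editor TO map WITH INHERIT TRUE;
ALTER ROLE map INHERIT;
SELECT has_table_privilege('map', 'gdb.stcities', 'SELECT') AS can_select;

-- Clean up the scratch objects.
DROP TABLE gdb.stcities;
DROP SCHEMA gdb;
DROP ROLE map;
DROP ROLE editor;
```

Option 1 keeps the group's privileges opt-in per session, which suits a least-privilege setup; option 2 makes them available on every connection as map.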
