From: | Paul Lambert <paul(dot)lambert(at)reynolds(dot)com(dot)au> |
---|---|
To: | pgsql admin <pgsql-admin(at)postgresql(dot)org> |
Subject: | Schema security |
Date: | 2007-12-13 01:52:31 |
Message-ID: | 4760905F.2020406@reynolds.com.au |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
I have a schema for example called f65, and the public schema of course,
in a database.
I've created a user f65 to access only the f65 schema using the following:
CREATE ROLE f65 LOGIN
ENCRYPTED PASSWORD 'md52a630d68054defeed4b4c27cb6413ece'
NOSUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE;
REVOKE ALL ON SCHEMA public FROM public;
REVOKE ALL ON SCHEMA f65 FROM public;
GRANT ALL ON SCHEMA f65 TO f65;
Which gives the f65 user access to the schema, but they cannot access
any of the objects within it (i.e. permission denied when trying a
select from a table)
testdb=> select * from f65.billing;
ERROR: permission denied for relation billing
I would have thought giving the user all privileges on a schema would by
default add them to all objects within it, but clearly not. Do I need to
explicitly go through every object within the schema and grant that user
access to them or is there an easier way of doing it? Something like a
"GRANT CASCADE" option?
Cheers,
P.
--
Paul Lambert
Database Administrator
AutoLedgers
From | Date | Subject | |
---|---|---|---|
Next Message | Medi Montaseri | 2007-12-13 02:27:09 | Re: WHERE clause OR vs IN |
Previous Message | Richard Broersma Jr | 2007-12-13 01:17:42 | Re: WHERE clause OR vs IN |