Skip site navigation (1) Skip section navigation (2)

Schema security

From: Paul Lambert <paul(dot)lambert(at)reynolds(dot)com(dot)au>
To: pgsql admin <pgsql-admin(at)postgresql(dot)org>
Subject: Schema security
Date: 2007-12-13 01:52:31
Message-ID: 4760905F.2020406@reynolds.com.au (view raw or flat)
Thread:
Lists: pgsql-admin
I have a schema for example called f65, and the public schema of course, 
in a database.

I've created a user f65 to access only the f65 schema using the following:

CREATE ROLE f65 LOGIN
   ENCRYPTED PASSWORD 'md52a630d68054defeed4b4c27cb6413ece'
   NOSUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE;
REVOKE ALL ON SCHEMA public FROM public;
REVOKE ALL ON SCHEMA f65 FROM public;
GRANT ALL ON SCHEMA f65 TO f65;

Which gives the f65 user access to the schema, but they cannot access 
any of the objects within it (i.e. permission denied when trying a 
select from a table)

testdb=>  select * from f65.billing;
ERROR:  permission denied for relation billing

I would have thought giving the user all privileges on a schema would by 
default add them to all objects within it, but clearly not. Do I need to 
explicitly go through every object within the schema and grant that user 
access to them or is there an easier way of doing it? Something like a 
"GRANT CASCADE" option?

Cheers,
P.

-- 
Paul Lambert
Database Administrator
AutoLedgers


Responses

pgsql-admin by date

Next:From: Medi MontaseriDate: 2007-12-13 02:27:09
Subject: Re: WHERE clause OR vs IN
Previous:From: Richard Broersma JrDate: 2007-12-13 01:17:42
Subject: Re: WHERE clause OR vs IN

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group