From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | ROS Didier <didier(dot)ros(at)edf(dot)fr> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "pgsql-sql(at)postgresql(dot)org" <pgsql-sql(at)postgresql(dot)org> |
Subject: | Re: problem with read-only user |
Date: | 2019-12-20 14:04:57 |
Message-ID: | 2743.1576850697@sss.pgh.pa.us |
Lists: | pgsql-hackers pgsql-sql |
ROS Didier <didier(dot)ros(at)edf(dot)fr> writes:
> I created a read-only role as follows:
> psql -p 5434 kidsdpn03
> CREATE ROLE kidsdpn03_ro PASSWORD 'xxx';
> ALTER ROLE kidsdpn03_ro WITH LOGIN;
> GRANT CONNECT ON DATABASE kidsdpn03 TO kidsdpn03_ro;
> GRANT USAGE ON SCHEMA kidsdpn03 TO kidsdpn03_ro;
> GRANT SELECT ON ALL TABLES IN SCHEMA kidsdpn03 TO kidsdpn03_ro;
> GRANT SELECT ON ALL SEQUENCES IN SCHEMA kidsdpn03 TO kidsdpn03_ro;
> ALTER DEFAULT PRIVILEGES IN SCHEMA kidsdpn03 GRANT SELECT ON TABLES TO kidsdpn03_ro;
> ALTER ROLE kidsdpn03_ro SET search_path TO kidsdpn03;
> but when I create new tables, I don't have read access to those new tables.

You only showed us part of what you did ... but IIRC,
ALTER DEFAULT PRIVILEGES only affects privileges for objects
subsequently made by the same user that issued the command.
(Otherwise it'd be a security issue.) So maybe you didn't
make the tables as the same user?
regards, tom lane
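
Added example, not part of the original message: one way to check the per-creator scoping described above and register the default for the role that actually creates the tables. The schema and read-only role are the ones from the quoted commands; `app_owner` is a hypothetical name for the table-creating role.

```sql
-- Added illustration. app_owner is a hypothetical role name; substitute the
-- role that really runs CREATE TABLE in schema kidsdpn03.

-- 1. List stored default ACLs. Each row applies only to objects later
--    created by creating_role; a NULL schema means "all schemas".
SELECT pg_get_userbyid(d.defaclrole) AS creating_role,
       n.nspname                     AS schema_name,
       d.defaclobjtype               AS objtype,   -- 'r' = tables, 'S' = sequences
       d.defaclacl                   AS default_acl
FROM pg_default_acl d
LEFT JOIN pg_namespace n ON n.oid = d.defaclnamespace
ORDER BY creating_role, schema_name;

-- 2. Find relations the read-only role cannot SELECT from, with their
--    owners. An owner that has no row in step 1 explains the gap.
SELECT c.relname,
       pg_get_userbyid(c.relowner) AS owner
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'kidsdpn03'
  AND c.relkind IN ('r', 'p', 'v', 'm', 'f')
  AND NOT has_table_privilege('kidsdpn03_ro', c.oid, 'SELECT')
ORDER BY c.relname;

-- 3. Register the default for the creating role. This must be run by a
--    superuser or by a member of app_owner.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA kidsdpn03
    GRANT SELECT ON TABLES TO kidsdpn03_ro;

-- 4. Default privileges are not retroactive, so cover the tables that
--    already exist with an explicit grant.
GRANT SELECT ON ALL TABLES IN SCHEMA kidsdpn03 TO kidsdpn03_ro;
```

In psql, `\ddp` prints the same information as the step 1 query.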