Skip site navigation (1) Skip section navigation (2)

the "users" group and restricting privileges

From: Dan Tenenbaum <dandante(at)gmail(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: the "users" group and restricting privileges
Date: 2005-11-29 23:30:33
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-admin
I want to create a postgresql user with restricted permissions--all it
should be able to do is select on a few views that I specify.

So I did the following, as the database owner:
create user viewer password 'xxxx';
grant select on myview to viewer;

Then, when I start psql as the viewer user, specifying the same database
with the -d switch, I try this:
select * from myview;
and get this:
ERROR: permission denied for schema myschema
What do I need to do to get the correct permissions?

Also, there is a group called "users" and the database owner is in that
group. But I have not granted any explicit privileges to that group. And the
database is owned by a particular user, not a group. However, I notice that
when I added the "viewer" user to the "users" group, that the user seemed to
be able to do everything that the database owner could do. That is not what
I want. But the above (not being able to select a view that I thought I had
select permission for) is not what I want either.

The above paragraph would seem to suggest that a group called "users" has
some special properties. I could not find any documentation for that in the
postgres docs (I am using version 7.4). Perhaps I couldn't find it because
almost every page in the docs seems to have the word "users" in it, so it is
hard to disambiguate my search.
If someone could point me towards documentation of the special properties of
the "users" group that would be helpful...but the thing I most want help
with is creating a user with restricted views as described above.



pgsql-admin by date

Next:From: Jim C. NasbyDate: 2005-11-30 00:13:04
Subject: Re: the "users" group and restricting privileges
Previous:From: Simon RiggsDate: 2005-11-29 22:43:54
Subject: Re: query planning and partitioned tables

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group