| From: | Holger Jakobs <holger(at)jakobs(dot)com> |
|---|---|
| To: | pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Question about permissions in the Schema |
| Date: | 2025-06-03 12:02:06 |
| Message-ID: | 682fac2c-74cc-4cb0-b549-390abecc610f@jakobs.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Am 03.06.25 um 13:44 schrieb Sabyasachi Mukherjee:
> Hello,
> I have a database with 5 different schemas. Each schema has the same
> set of tables, but the data is different.
> I have created one user to access the data in the tables from one
> schema only.
> The user can access the data from the target schema. For all other
> schemas it get a permission error except one.
> I have specifically run the Revoke command for the schema but still
> the user can access the data from that schema. I have run the command
> in PGAdmin. Also DBBeaver does not any permission for the objects in
> the leaking schema for the user.
> What could be wrong and how should I fix it.
> I am running PG 17 on Linux.
>
> Thanks & Regards
>
> Sabyasachi Mukherjee
Dear S. M.,
Even if a role (user) personally doesn't have any permissions to access
a schema, memerships in other roles (groups) may allow access.
Check memberships and never, ever grant permissions to individual user
roles, but only to non-login (group) roles. This minimises the number of
grants and enhances clarity of permissions.
Kind Regards,
Holgger
--
Holger Jakobs, Bergisch Gladbach
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Laurenz Albe | 2025-06-03 13:36:04 | Re: Question about permissions in the Schema |
| Previous Message | Sabyasachi Mukherjee | 2025-06-03 11:44:41 | Question about permissions in the Schema |