Re: What user privileges do I need to CREATE FUNCTION's? - Mailing list pgsql-admin
| From | km4hr |
|---|---|
| Subject | Re: What user privileges do I need to CREATE FUNCTION's? |
| Date | |
| Msg-id | 11670119.post@talk.nabble.com Whole thread Raw |
| In response to | Re: What user privileges do I need to CREATE FUNCTION's? ("Milen A. Radev" <milen@radev.net>) |
| Responses |
Re: What user privileges do I need to CREATE FUNCTION's?
|
| List | pgsql-admin |
Thanks Milen. Assigning superuser role worked. Speaking of schema's, I logged in as user "postgres" and created a schema called "schema1" as follows: CREATE SCHEMA schema1 AUTHORIZATION newuser; I then typed "\dn" and saw "schema1" in the list. I then logged in as "newuser" and typed "\dn". "schema1" was not in the list! Why not? I then created a table. Next I entered: "select * from schema1.newtable". An error message indicated that "schema1" doesn't exist. How do I make "newuser" aware of his new schema? thanks Milen A. Radev-2 wrote: > > km4hr написа: >> I'm installing an application that provides a ".sql" script to create >> tables >> and other objects in a postgresql database. When I run the script as user >> "postgres" the script executes without errors. But then all the tables >> and >> other objects are owned by "postgres". A user that I created to access >> the >> tables, "newuser", doesn't have privileges needed to use them. >> >> If I login as "newuser" and execute the install script, I get errors >> indicating "newuser" doesn't have privileges to CREATE FUNCTION's . >> >> How should I execute the install script so that all the objects are owned >> by >> "newuser" and the FUNCTIONS are created? > > You need to create all DB objects with one preferably administrative > role and then GRANT only some privileges to other, everyday roles. > Something like (assuming those are run as a administrator): > > CREATE TABLE example_table ( > id integer PRIMARY KEY, > ... > ); > > REVOKE ALL PRIVILEGES ON TABLE example_table FROM PUBLIC; > GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE example_table TO newuser; > > REVOKE ALL PRIVILEGES ON SEQUENCE example_table_id_seq FROM PUBLIC; > GRANT USAGE ON SEQUENCE example_table_id_seq TO newuser; > > > CREATE FUNCTION example_func(...) RETURNS ... AS $$ > ... > $$ LANGUAGE SQL; > > REVOKE ALL PRIVILEGES ON FUNCTION example_func FROM PUBLIC; > GRANT EXECUTE ON FUNCTION example_func TO newuser; > > > > Or you could change the owner of the newly created DB object: > > ALTER TABLE example_table OWNER TO newuser; > ALTER FUNCTION example_func(...) OWNER TO newuser; > > > This way the new owner has all the privileges on that object. Of > course I prefer the first method of dealing with the needed privileges. > > >> What privileges does "newuser" need to create functions? I can't find >> that >> described in the postgres manual? > > I suppose the role should be the owner of the schema or a superuser. > > > -- > Milen A. Radev > > > ---------------------------(end of broadcast)--------------------------- > TIP 5: don't forget to increase your free space map settings > > -- View this message in context: http://www.nabble.com/What-user-privileges-do-I-need-to-CREATE-FUNCTION%27s--tf4099063.html#a11670119 Sent from the PostgreSQL - admin mailing list archive at Nabble.com.
pgsql-admin by date: