Version 7.1.3 (release tarball) on development machine -- Error
7.2.1 on production machine (7.2.1-2 Debian) -- Works
I can't easily upgrade the development machine in the near future, but this
at least gives more ammunition. If you know of any good workaround besides
just GRANT ALL on <each_table> TO test_cib_admin, (which works) I'ld appreciate
hearing about it.
Script:
CREATE USER test_cib_unauth;
CREATE USER test_cib_auth;
CREATE USER test_cib_admin;
CREATE GROUP test_cib_all;
CREATE GROUP test_cib_trusted;
ALTER GROUP test_cib_all ADD USER test_cib_unauth, test_cib_auth, test_cib_admin;
ALTER GROUP test_cib_trusted ADD USER test_cib_auth, test_cib_admin;
CREATE TABLE users (
userid SERIAL PRIMARY KEY,
statusid INT,
siteadmin BOOLEAN,
username TEXT,
hashed TEXT,
email TEXT);
REVOKE ALL PRIVILEGES ON users FROM PUBLIC;
GRANT SELECT, INSERT ON users TO GROUP test_cib_all;
GRANT UPDATE ON users_userid_seq TO GROUP test_cib_all;
GRANT UPDATE ON users TO GROUP test_cib_trusted;
GRANT DELETE ON users TO test_cib_admin;
\c - test_cib_admin
SELECT * FROM users;
--- END SCRIPT ---
Output on 7.1.3.
CREATE USER
CREATE USER
CREATE USER
CREATE GROUP
CREATE GROUP
ALTER GROUP
ALTER GROUP
NOTICE: CREATE TABLE will create implicit sequence ;user_userid_seq' for SERIAL column 'users.userid'
NOTICE: CREATE TABLE/PRIMARY KEY will create implicit index 'users_pkey' for table 'users'
CREATE
CHANGE
CHANGE
CHANGE
CHANGE
CHANGE
You are now connected as new user test_cib_admin.
ERROR: users: Permission Denied.
Eric
