Re: grant question - Mailing list pgsql-admin
From | Andreas Wenk |
---|---|
Subject | Re: grant question |
Date | |
Msg-id | 49A9A625.1040209@netzmeister-st-pauli.de Whole thread Raw |
In response to | Re: grant question ("Tena Sakai" <tsakai@gallo.ucsf.edu>) |
List | pgsql-admin |
Tena Sakai schrieb: > Thank you, Scott, for your reply. > > > Two problems. 1: you don't grant select on schemas, you grant it on > > tables. 2: case folding. If you're gonna use a name "schema_Z" then > > you have to quote it, because it's mixed case, not all lower. > > > You need to grant it for each table. > > In actual command issued, there is no case mixing. I wanted > to emphasize the argument was a schema name, not a table name. > But this means as new tables get created in the schema, a set > of new commands must be issued? > > > Note that instead of granting it to a user, you should grant it > > to a role, then give membership to that role to the user. > > That sounds like a good idea. Would you mind showing an exmple? Hi Tena, -- your user role roletest=# CREATE ROLE tena LOGIN; CREATE ROLE -- a group role roletest=# CREATE ROLE musicians; CREATE ROLE -- put tena 'in' the group role roletest=# GRANT musicians to tena; GRANT ROLE -- connect to roletest a user tena roletest=# \c roletest tena You are now connected to database "roletest" as user "tena". roletest=> select * from test; ERROR: permission denied for relation test STATEMENT: select * from test; ERROR: permission denied for relation test -- grant SELECT right as superuser in roletest roletest=> \c roletest postgres You are now connected to database "roletest" as user "postgres". roletest=# GRANT SELECT on test to musicians; GRANT roletest=# \c roletest tena You are now connected to database "roletest" as user "tena". roletest=> SELECT * FROM test; id | value ----+------- (0 rows) Cheers Andy -- St.Pauli - Hamburg - Germany Andreas Wenk > Regards, > > Tena Sakai > tsakai@gallo.ucsf.edu > > > -----Original Message----- > From: Scott Marlowe [mailto:scott.marlowe@gmail.com] > Sent: Sat 2/28/2009 12:04 PM > To: Tena Sakai > Cc: pgsql-admin@postgresql.org > Subject: Re: [ADMIN] grant question > > On Sat, Feb 28, 2009 at 12:56 PM, Tena Sakai <tsakai@gallo.ucsf.edu> wrote: > > Hi Everybody, > > > > I want to issue a command: > > > > grant select on schema_Z to user_a; > > > > so that the user_a can look at all tables in schema_Z. > > Sadly, what I get is: > > ERROR: relation "schema_Z" does not exist > > Two problems. 1: you don't grant select on schemas, you grant it on > tables. 2: case folding. If you're gonna use a name "schema_Z" then > you have to quote it, because it's mixed case, not all lower. > > > I tried: > > > > grant select on schema_Z.* to user_a; > > Sorry no wildcarding on grant (At least not yet). You need to grant > it for each table. Note that instead of granting it to a user, you > should grant it to a role, then give membership to that role to the > user. >
pgsql-admin by date: