Re: (Default) Group permissions - Mailing list pgsql-general

From Michael Orlitzky
Subject Re: (Default) Group permissions
Date
Msg-id 51D4C3F9.9000206@orlitzky.com
Whole thread Raw
In response to Re: (Default) Group permissions  (Albe Laurenz <laurenz.albe@wien.gv.at>)
List pgsql-general
On 07/02/2013 03:35 AM, Albe Laurenz wrote:
> Michael Orlitzky wrote:
>> I want to be able to create a database, set up the (default) group
>> permissions, and have them work, even when a new user is added to one of
>> the groups. Right now I don't know of a way to get default group
>> permissions.
>
> There is none, as far as I can say.
>
> You have two options:
> - You have the default privileges on the roles, and every user
>   has to run SET ROLE to the role before he or she creates objects.
> - Whenever you create a new user, you set default privileges
>   for the user.
>
> I guess that the first solution is not useful until there are
> event triggers for database logins.
>

Thanks for taking a look. The first isn't manageable because it requires
users to do things.

The second is what I've decided on for now, but the way that I know
which default privileges to set is to look up his group membership "by
hand" and set his default privileges on the databases where the group
should have them. I'd love it if that step could be automated.




pgsql-general by date:

Previous
From: Ben Chobot
Date:
Subject: async streaming and recovery_target_timeline=latest
Next
From: Pavel Stehule
Date:
Subject: Re: Cannot connect to remote postgres database