Postgres Pro
Downloads
Home   >   mailing lists

Re: grant connect on database - Mailing list pgsql-general

From Adrian Klaver
Subject Re: grant connect on database
Date
Msg-id 5671D7E2.90501@aklaver.com
Whole thread Raw
In response to Re: grant connect on database  (Jerry Sievers <gsievers19@comcast.net>)
List pgsql-general
Tree view 
On 12/16/2015 11:58 AM, Jerry Sievers wrote:
> spur230 <sabinpradhan@gmail.com> writes:
>
>> I am using Postgres 9.4.  I created a login role and gave  select to all
>> tables to a schema as follows:
>>
>>
>> create role fix;
>> create role dcv login password 'mypassword' in role fix;
>> grant select on all tables on schema xzy to dcv';
>>
>> I  was able to   connect to the database without giving 'grant connect on
>> database db1 to dcv'
>>
>> My question is when do I have to explicitly  give connect grant? How did
>> user dcv  connect to database without the  connect  privilege?
>
> NEver, unless you were to revoke it from public..
>
> Connect is granted to public by default.

For what is GRANTed by default see:

http://www.postgresql.org/docs/9.4/interactive/sql-grant.html

Highlights:

"The key word PUBLIC indicates that the privileges are to be granted to
all roles, including those that might be created later. PUBLIC can be
thought of as an implicitly defined group that always includes all
roles. Any particular role will have the sum of privileges granted
directly to it, privileges granted to any role it is presently a member
of, and privileges granted to PUBLIC."

....


"PostgreSQL grants default privileges on some types of objects to
PUBLIC. No privileges are granted to PUBLIC by default on tables,
columns, schemas or tablespaces. For other types, the default privileges
granted to PUBLIC are as follows: CONNECT and CREATE TEMP TABLE for
databases; EXECUTE privilege for functions; and USAGE privilege for
languages. The object owner can, of course, REVOKE both default and
expressly granted privileges. (For maximum security, issue the REVOKE in
the same transaction that creates the object; then there is no window in
which another user can use the object.) Also, these initial default
privilege settings can be changed using the ALTER DEFAULT PRIVILEGES
command."

>
>
>
>> Thanks
>>
>>
>>
>> --
>> View this message in context: http://postgresql.nabble.com/grant-connect-on-database-tp5877872.html
>> Sent from the PostgreSQL - general mailing list archive at Nabble.com.
>


--
Adrian Klaver
adrian.klaver@aklaver.com

pgsql-general by date:

Previous
From: Jerry Sievers
Date:
Subject: Re: grant connect on database
Next
From: Victor Yegorov
Date:
Subject: "Immediate shutdown if postmaster.pid is removed" not mentioned in Release Notes