the "users" group and restricting privileges - Mailing list pgsql-admin

From Dan Tenenbaum
Subject the "users" group and restricting privileges
Date
Msg-id 65029d820511291530mc4a0f62nc1de5cf58d110765@mail.gmail.com
Whole thread Raw
Responses Re: the "users" group and restricting privileges
Re: the "users" group and restricting privileges
List pgsql-admin
I want to create a postgresql user with restricted permissions--all it should be able to do is select on a few views that I specify.

So I did the following, as the database owner:
create user viewer password 'xxxx';
grant select on myview to viewer;

Then, when I start psql as the viewer user, specifying the same database with the -d switch, I try this:
select * from myview;
and get this:
ERROR: permission denied for schema myschema
What do I need to do to get the correct permissions?

Also, there is a group called "users" and the database owner is in that group. But I have not granted any explicit privileges to that group. And the database is owned by a particular user, not a group. However, I notice that when I added the "viewer" user to the "users" group, that the user seemed to be able to do everything that the database owner could do. That is not what I want. But the above (not being able to select a view that I thought I had select permission for) is not what I want either.

The above paragraph would seem to suggest that a group called "users" has some special properties. I could not find any documentation for that in the postgres docs (I am using version 7.4). Perhaps I couldn't find it because almost every page in the docs seems to have the word "users" in it, so it is hard to disambiguate my search.
If someone could point me towards documentation of the special properties of the "users" group that would be helpful...but the thing I most want help with is creating a user with restricted views as described above.

Thanks


pgsql-admin by date:

Previous
From: Simon Riggs
Date:
Subject: Re: query planning and partitioned tables
Next
From: Tom Lane
Date:
Subject: Re: the "users" group and restricting privileges