Home > mailing lists

Re: GRANT CONNECT ON DATABASE - Mailing list pgsql-admin

From	soroush jurat
Subject	Re: GRANT CONNECT ON DATABASE
Date	June 10 03:34:49
Msg-id	CAFgVK8vQBRbHL3vmMGMav146Xy9nLg9C_wFVDL=j=4C+5_ozjg@mail.gmail.com Whole thread Raw
In response to	Re: GRANT CONNECT ON DATABASE (Edwin UY <edwin.uy@gmail.com>)
Responses	Re: GRANT CONNECT ON DATABASE
List	pgsql-admin

Tree view

The GRANT CONNECT statement allows the role to connect to the database but does not give it login permission either.

So, you need both the ALTER ROLE and GRANT CONNECT statements to ensure the role can log in and connect to the database.

Jurat

On Sun, 9 Jun 2024 at 20:27 Edwin UY <edwin.uy@gmail.com> wrote:

Thanks. Yeah, the ALTER fixed it.
I thought the CONNECT should have done the same thing.
Is the GRANT CONNECT not necessary then?

On Mon, Jun 10, 2024 at 12:14 PM soroush jurat <srsh.jurat@gmail.com> wrote:
To grant the role login access, you need to modify the role to have the LOGIN attribute. You can do this by running the following command:

ALTER ROLE [blah] WITH LOGIN;

On Sun, 9 Jun 2024 at 20:09 Edwin UY <edwin.uy@gmail.com> wrote:
Hi,

A role was created as below:
CREATE ROLE [blah] WITH NOLOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL 'infinity';

Doesn't the following SQLs supposed to give the role login access?

ALTER ROLE [blah] WITH ENCRYPTED PASSWORD 'blahpassword' ;
GRANT CONNECT ON DATABASE [blahdb] TO [blahuser] ;

We're trying to take the minimalist approach for a user access to have access to only the tables he has created and only to a specific database and schema.

Regards,
Ed

pgsql-admin by date:

From: "David G. Johnston"
Date: 10 June, 03:30:30
Subject: Re: GRANT CONNECT ON DATABASE

From: Edwin UY
Date: 10 June, 04:02:49
Subject: Re: GRANT CONNECT ON DATABASE

Re: GRANT CONNECT ON DATABASE - Mailing list pgsql-admin

Previous

Next