Home > mailing lists

Re: create table permissions bug for 7.3.2 - Mailing list pgsql-bugs

From	Evgeny Duzhakow
Subject	Re: create table permissions bug for 7.3.2
Date	March 14, 2003 03:12:23
Msg-id	Pine.LNX.4.20.0303131056050.24659-100000@zeus.philol.msu.ru Whole thread Raw
In response to	Re: create table permissions bug for 7.3.2 (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-bugs

Tree view

On Thu, 13 Mar 2003, Tom Lane wrote:

TL>regression=# create user z;
TL>CREATE USER
TL>regression=# create schema s;
TL>CREATE SCHEMA
TL>regression=# \c - z
TL>You are now connected as new user z.
TL>regression=> create table s.t (f1 int);
TL>ERROR:  s: permission denied
TL>regression=>
TL>I'm not seeing the problem.  Please provide a test case showing that
TL>there's a bug here.
TL>
TL>Your patch is wrong in any case, I think, since CREATE rights on a
TL>database control the right to create schemas, not individual tables
TL>within schemas ...
   Ok, i have a database 'testtables' and some user like 'fake' enabled to
connect via pg_hba.conf

--- cut ---
local   testtables  fake                                         trust
--- cut ---

   All my tables in db are created in the schema public (i don't have
opportunity to correct 500 scripts on an insert there concept of
schemas).

testtables=# \d
         List of relations
 Schema |  Name  | Type  |  Owner
--------+--------+-------+---------
 public | lalala | table | diabolo

It is necessary for me, that the user fake only could read tables of a
database and create temp tables for his work, but could not create other
objects.

I have grant permissions on testtables

testtables=# select datname,datacl from pg_database where datname='testtables';
  datname   |     datacl
------------+----------------
 testtables | {=,diabolo=CT}

Now i grant 'fake' for creating only temp tables on my db;

testtables=# GRANT TEMP ON DATABASE testtables TO fake;
GRANT
testtables=# select datname,datacl from pg_database where datname='testtables';
  datname   |        datacl
------------+-----------------------
 testtables | {=,diabolo=CT,fake=T}

 Now connect and try to create the table:

testtables=# \c - fake
You are now connected as new user fake.
testtables=> create table qq(i int);
CREATE TABLE
testtables=> \d
         List of relations
 Schema |  Name  | Type  |  Owner
--------+--------+-------+---------
 public | lalala | table | diabolo
 public | qq     | table | fake

But the basic problem that I have public bases in which it is necessary for
me too most. And it bug for me as without an opportunity of work with grants
at a level of base I receive dust in the bases from users.

                Diabolo.

P.S. Sorry for my bad english :(

---                                                                       ---
   System Administrator of                          Phone: +7-095-939-1478
      the Philological Faculty of         E-Mail: diabolo@philol.msu.ru
         Moscow State University.      Web: http://www.philol.msu.ru

pgsql-bugs by date:

From: Joshua Moore-Oliva
Date: 14 March 2003, 02:41:47
Subject: RESOLUTION: Re: Bug in AT TIME ZONE contruct between EST and INTERVAL '-05:00' (resubmit now that I am a member of this list)

From: Joshua Moore-Oliva
Date: 14 March 2003, 03:12:24
Subject: Bug in AT TIME ZONE contruct between EST and INTERVAL '-05:00'

Re: create table permissions bug for 7.3.2 - Mailing list pgsql-bugs

Previous

Next