Postgres Pro
Downloads
Home   >   mailing lists

Thread: Grant blanket permissions on a database

Grant blanket permissions on a database

From
Kirk Strauser
Date:
I am using PostgreSQL-7.1.2_2 on a FreeBSD 4.4-STABLE server.  I am running
Apache on the same machine, and have a PHP website that connects to the
PostgreSQL server on localhost.  I want the user that the website connects
as to have full permission to do anything it wants on that particular
database, so it seemed like it would be reasonable to add to my pg_hba.conf:

   host mydatabase 127.0.0.1 255.255.255.255 crypt

This works, in general.  However, I always get errors similar to:

  Warning: PostgreSQL query failed: ERROR: sysusers_usersys_seq.nextval: you
  don't have permissions to set sequence sysusers_usersys_seq

when trying to insert data into a table with a serial field.  Shouldn't the
host line allow that user full permission to create, drop, and update every
element in the database?
--
Kirk Strauser
Internet Software Engineer
NMotion, Inc.

Re: Grant blanket permissions on a database

From
Tom Lane
Date:
Kirk Strauser <kirk@nmotioninc.com> writes:
> when trying to insert data into a table with a serial field.  Shouldn't the
> host line allow that user full permission to create, drop, and update every
> element in the database?

Nope.  pg_hba.conf only tells whether you are allowed to connect to a
database, not what privileges you have once you're in it.

It would appear that you need to do a little GRANTing.

            regards, tom lane

Re: Grant blanket permissions on a database

From
Stephan Szabo
Date:
On 4 Dec 2001, Kirk Strauser wrote:

> I am using PostgreSQL-7.1.2_2 on a FreeBSD 4.4-STABLE server.  I am running
> Apache on the same machine, and have a PHP website that connects to the
> PostgreSQL server on localhost.  I want the user that the website connects
> as to have full permission to do anything it wants on that particular
> database, so it seemed like it would be reasonable to add to my pg_hba.conf:
>
>    host mydatabase 127.0.0.1 255.255.255.255 crypt
>
> This works, in general.  However, I always get errors similar to:
>
>   Warning: PostgreSQL query failed: ERROR: sysusers_usersys_seq.nextval: you
>   don't have permissions to set sequence sysusers_usersys_seq
>
> when trying to insert data into a table with a serial field.  Shouldn't the
> host line allow that user full permission to create, drop, and update every
> element in the database?

IIRC, The pg_hba.conf gives the database level access permissions.  You
still need to GRANT the appropriate permissions to the user (or make the
user an superuser - in which case you probably want to make sure the
user cannot log into other databases).

Re: Grant blanket permissions on a database

From
Kirk Strauser
Date:
At 2001-12-04T20:43:26Z, Stephan Szabo <sszabo@megazone23.bigpanda.com> writes:

> IIRC, The pg_hba.conf gives the database level access permissions.  You
> still need to GRANT the appropriate permissions to the user (or make the
> user an superuser - in which case you probably want to make sure the user
> cannot log into other databases).

I guess I was used to the MySQL permissions scheme.  So, I've determined
that 'grant all on * to username' doesn't work.  Does that mean that I have
to iterate through each and every object in the database?
--
Kirk Strauser
Internet Software Engineer
NMotion, Inc.