Thread: permissions
If I create new database objects, I have to give permissions to any users or groups explicitly, for every object?
On Thu, Jul 01, 2004 at 08:36:12 -0700, Dennis Gearon <gearond@fireserve.net> wrote: > If I create new database objects, I have to give permissions to any > users or groups explicitly, for every object? Yes. But you can write scripts that query the information_schema and generate the SQL GRANT commands and then run them.
On Thu, Jul 01, 2004 at 14:37:52 -0700, Dennis Gearon <gearond@fireserve.net> wrote: > Bruno Wolff III wrote: > > >Yes. But you can write scripts that query the information_schema and > >generate the SQL GRANT commands and then run them. > > > Can you post one (with the 'gulity' object names changed to protect > them), please? I don't have a script handy as I don't regularly do that. I am not sure that they would be all that useful for you anyway. The hardest part of the script is getting the names of the objects you want to grant access to. If you only want some of say the tables, you somehow need to generate that list. Once you have the list, plugging the names one by one into GRANT statements is easy. If you don't want to have the script connect to the database for simplicity, just have it print them to a file and run the file from psql.
Bruno Wolff III wrote: >On Thu, Jul 01, 2004 at 08:36:12 -0700, > Dennis Gearon <gearond@fireserve.net> wrote: > > >>If I create new database objects, I have to give permissions to any >>users or groups explicitly, for every object? >> >> > >Yes. But you can write scripts that query the information_schema and >generate the SQL GRANT commands and then run them. > > > Can you post one (with the 'gulity' object names changed to protect them), please?
Bruno Wolff III wrote: >On Thu, Jul 01, 2004 at 14:37:52 -0700, > Dennis Gearon <gearond@fireserve.net> wrote: > > >>Bruno Wolff III wrote: >> >> >> >>>Yes. But you can write scripts that query the information_schema and >>>generate the SQL GRANT commands and then run them. >>> >>> >>> >>Can you post one (with the 'gulity' object names changed to protect >>them), please? >> >> > >I don't have a script handy as I don't regularly do that. I am not sure >that they would be all that useful for you anyway. The hardest part of >the script is getting the names of the objects you want to grant access >to. If you only want some of say the tables, you somehow need to generate >that list. Once you have the list, plugging the names one by one into >GRANT statements is easy. If you don't want to have the script connect >to the database for simplicity, just have it print them to a file and >run the file from psql. > > > I wonder how phpPgAdmin is at making this easier? I think I'll install it and see what happens.