Thread: RE: [SQL] User and Groups

RE: [SQL] User and Groups

From
Michael J Davis
Date:
For each group in pg_group you need to do the following:

UPDATE pg_group set grolist = '{501,514,502,503,504}' where grosysid = 1;

Where 501 - 504 is a list of pg_user.usesysid that should belong to the
group.

This really needs to be added to the documentation and "create user" needs
to be fixed to automatically do this.
-----Original Message-----From:    Greg Frith [SMTP:greg@malthouse.demon.co.uk]Sent:    Wednesday, May 05, 1999 8:35
AMTo:   pgsql-sql@postgreSQL.orgSubject:    [SQL] User and Groups
 
Hi, I'm having some problems trying to get my head around how users
and groupswork.
I have 2 groups of users: client & consultants.  I create these
groups asfollows:-

/* Group : create group consultants */INSERT INTO pg_group VALUES ('consultants', '100');INSERT INTO pg_group VALUES
('clients','200');
 
I then create some tables and set the permissions on these tables as
follows:-
REVOKE ALL ON clients, clientaddr, consultants, consultantaddr,     systemconstants, clients_consultants, tasks,
client_extras,    timesheet, schedule, invoice, invoice_items,     pg_user, pg_shadowFROM GROUP clients;
 
GRANT ALL ON clients, clientaddr, consultants, consultantaddr,     systemconstants, clients_consultants, tasks,
client_extras,    timesheet, schedule, invoice, invoice_itemsTO GROUP consultants;
 
Now I create a user:-
testdb=> CREATE USER paul IN GROUP consultants;CREATE USER
I login as this user and try a select on a table that should have
permissionsset:-
testdb=> select * from consultants;NOTICE:  in_group: group 100 not foundERROR:  consultants: Permission denied.
I can't understand this - should I insert the user id of each
consultant userinto grolist of pg_group where groname = consultants?
TOA
   --
---------------------------Greg Frith - University Of Leeds : School of Computer Studies


Re: [SQL] User and Groups

From
Greg Frith
Date:
Hi Michael, thanks for your help.  Just after I posted the message I used this
manual insert method as a quick fix, its obviously the right way!!  So what is
the point of the IN GROUP directive or ADD USER?  Does this actually do
anything?

Michael J Davis wrote:

> For each group in pg_group you need to do the following:
>
> UPDATE pg_group set grolist = '{501,514,502,503,504}' where grosysid = 1;
>
> Where 501 - 504 is a list of pg_user.usesysid that should belong to the
> group.
>
> This really needs to be added to the documentation and "create user" needs
> to be fixed to automatically do this.
>
>         -----Original Message-----
>         From:   Greg Frith [SMTP:greg@malthouse.demon.co.uk]
>         Sent:   Wednesday, May 05, 1999 8:35 AM
>         To:     pgsql-sql@postgreSQL.org
>         Subject:        [SQL] User and Groups
>
>         Hi, I'm having some problems trying to get my head around how users
> and groups
>         work.
>
>         I have 2 groups of users: client & consultants.  I create these
> groups as
>         follows:-
>
>         /* Group : create group consultants */
>         INSERT INTO pg_group VALUES ('consultants', '100');
>         INSERT INTO pg_group VALUES ('clients', '200');
>
>         I then create some tables and set the permissions on these tables as
> follows:-
>
>         REVOKE ALL ON clients, clientaddr, consultants, consultantaddr,
>              systemconstants, clients_consultants, tasks, client_extras,
>              timesheet, schedule, invoice, invoice_items,
>              pg_user, pg_shadow
>         FROM GROUP clients;
>
>         GRANT ALL ON clients, clientaddr, consultants, consultantaddr,
>              systemconstants, clients_consultants, tasks, client_extras,
>              timesheet, schedule, invoice, invoice_items
>         TO GROUP consultants;
>
>         Now I create a user:-
>
>         testdb=> CREATE USER paul IN GROUP consultants;
>         CREATE USER
>
>         I login as this user and try a select on a table that should have
> permissions
>         set:-
>
>         testdb=> select * from consultants;
>         NOTICE:  in_group: group 100 not found
>         ERROR:  consultants: Permission denied.
>
>         I can't understand this - should I insert the user id of each
> consultant user
>         into grolist of pg_group where groname = consultants?
>
>         TOA
>
>            --
>
>         ---------------------------
>         Greg Frith - University Of Leeds : School of Computer Studies
>