Thread: Copy user privileges

Copy user privileges

From
"Graham Vickrage"
Date:
Hi All,

I have dumped a database with no data and restored it with a new db
name.

I want to keep all the privileges but assign them to a new user. 

What is the best way of doing this? Is it to alter the system tables
directly in which case which ones.

TIA,

Graham



Re: Copy user privileges

From
Tom Lane
Date:
"Graham Vickrage" <graham@gpmd.co.uk> writes:
> I want to keep all the privileges but assign them to a new user. 

> What is the best way of doing this?

How about just renaming the old user to a new name?

I don't think we have an ALTER command for that, but an UPDATE on
pg_shadow would get the job done just as well.
        regards, tom lane


Re: Copy user privileges

From
Michael Fuhr
Date:
On Tue, Jul 12, 2005 at 03:12:50PM -0400, Tom Lane wrote:
> "Graham Vickrage" <graham@gpmd.co.uk> writes:
> > I want to keep all the privileges but assign them to a new user. 
> 
> > What is the best way of doing this?
> 
> How about just renaming the old user to a new name?
> 
> I don't think we have an ALTER command for that, but an UPDATE on
> pg_shadow would get the job done just as well.

What about ALTER USER RENAME TO?

test=# CREATE USER user1;
CREATE USER
test=# CREATE TABLE foo (x integer);
CREATE TABLE
test=# GRANT SELECT ON foo TO user1;
GRANT
test=# \z foo               Access privileges for database "test"Schema | Name | Type  |              Access privileges
             
 
--------+------+-------+----------------------------------------------public | foo  | table |
{postgres=arwdRxt/postgres,user1=r/postgres}
(1 row)

test=# ALTER USER user1 RENAME TO user2;
ALTER USER
test=# \z foo               Access privileges for database "test"Schema | Name | Type  |              Access privileges
             
 
--------+------+-------+----------------------------------------------public | foo  | table |
{postgres=arwdRxt/postgres,user2=r/postgres}
(1 row)

Renaming the user is only useful if you no longer need the old user.
If you need to keep the old user and copy its privileges, then consider
granting privileges to groups instead of to users -- then you could
just add the new user to a group.

-- 
Michael Fuhr
http://www.fuhr.org/~mfuhr/


Re: Copy user privileges

From
"Graham Vickrage"
Date:
Thanks for the suggestions but as you guessed I do need to keep the old
user and also groups would be unsuitable as I don't want either user to
be able to see data on the other database.

Thought there would be some SQL statement I could run on the sys tables
but I don't know enough about the internals to attempt it.

Thanks again,

Graham

-----Original Message-----
From: Michael Fuhr [mailto:mike@fuhr.org] 
Sent: 12 July 2005 20:29
To: Tom Lane
Cc: Graham Vickrage; pgsql-sql@postgresql.org
Subject: Re: [SQL] Copy user privileges


On Tue, Jul 12, 2005 at 03:12:50PM -0400, Tom Lane wrote:
> "Graham Vickrage" <graham@gpmd.co.uk> writes:
> > I want to keep all the privileges but assign them to a new user.
> 
> > What is the best way of doing this?
> 
> How about just renaming the old user to a new name?
> 
> I don't think we have an ALTER command for that, but an UPDATE on 
> pg_shadow would get the job done just as well.

What about ALTER USER RENAME TO?

test=# CREATE USER user1;
CREATE USER
test=# CREATE TABLE foo (x integer);
CREATE TABLE
test=# GRANT SELECT ON foo TO user1;
GRANT
test=# \z foo               Access privileges for database "test"Schema | Name | Type  |              Access privileges
             
 
--------+------+-------+----------------------------------------------public | foo  | table |
{postgres=arwdRxt/postgres,user1=r/postgres}
(1 row)

test=# ALTER USER user1 RENAME TO user2;
ALTER USER
test=# \z foo               Access privileges for database "test"Schema | Name | Type  |              Access privileges
             
 
--------+------+-------+----------------------------------------------public | foo  | table |
{postgres=arwdRxt/postgres,user2=r/postgres}
(1 row)

Renaming the user is only useful if you no longer need the old user. If
you need to keep the old user and copy its privileges, then consider
granting privileges to groups instead of to users -- then you could just
add the new user to a group.

-- 
Michael Fuhr
http://www.fuhr.org/~mfuhr/