Thread: Roles and security
Hi
I am Nikhil currently working as a MS SQL DBA . Currently my company is
shifting from MS SQL to postgres
check the roles of user I want to give user roles only select, insert,
update, execute and create database to all users Permission
The users should not have these permissiondrop database , delete table permission
**(Example --like in MS SQL we have like DB_roles-- ddladmin,data
writer,data reader ,etc like these do we have in postgres).***
Thanks
nikhil raj wrote: > Currently my company is shifting from MS SQL to postgres > > check the roles of user I want to give user roles only select, insert, update, execute and create database to all usersPermission > > > The users should not have these permission > drop database , delete table permission If you want to allow a user (or role) CREATE DATABASE, give them the CREATEDB privilege with ALTER ROLE. If you mean "schema" when you say "database", give them the CREATE privilege on the database instead. SELECT, INSERT, UPDATE and EXECUTE are granted on individual objects, not in general. You can, however, use ALTER DEFUALT PRIVILEGES to automatically grant privieges on any new object created. Note that by default, everybody (the special role PUBLIC) has EXECUTE privilege on all functions. Only superusers and object owners are allowed DROP and ALTER on objects, and there is no way to prevent that. Yours, Laurenz Albe
nikhil raj wrote: > Currently my company is shifting from MS SQL to postgres > > check the roles of user I want to give user roles only select, insert, update, execute and create database to all usersPermission > > > The users should not have these permission > drop database , delete table permission If you want to allow a user (or role) CREATE DATABASE, give them the CREATEDB privilege with ALTER ROLE. If you mean "schema" when you say "database", give them the CREATE privilege on the database instead. SELECT, INSERT, UPDATE and EXECUTE are granted on individual objects, not in general. You can, however, use ALTER DEFUALT PRIVILEGES to automatically grant privieges on any new object created. Note that by default, everybody (the special role PUBLIC) has EXECUTE privilege on all functions. Only superusers and object owners are allowed DROP and ALTER on objects, and there is no way to prevent that. Yours, Laurenz Albe
nikhil raj wrote: > Currently my company is shifting from MS SQL to postgres > > check the roles of user I want to give user roles only select, insert, update, execute and create database to all usersPermission > > > The users should not have these permission > drop database , delete table permission If you want to allow a user (or role) CREATE DATABASE, give them the CREATEDB privilege with ALTER ROLE. If you mean "schema" when you say "database", give them the CREATE privilege on the database instead. SELECT, INSERT, UPDATE and EXECUTE are granted on individual objects, not in general. You can, however, use ALTER DEFUALT PRIVILEGES to automatically grant privieges on any new object created. Note that by default, everybody (the special role PUBLIC) has EXECUTE privilege on all functions. Only superusers and object owners are allowed DROP and ALTER on objects, and there is no way to prevent that. Yours, Laurenz Albe