Thread: Just View create privilege to user user2
Hi,
I have 2 users and 2 schemas in my database db1.
Users are u1 and u2.
Schemas are s1 and s2,
User u1 has full ( SELECT, CREATE, UPDATE, etc for tables/indexes/all objects) access from /to s1 schema.
user u2 has all SELECT on all tables of schema s1
I want user u2 to have only CREATE VIEW privilege in schema s2. I do not want u2 to create any other type of objects in s2 schema.
I am unable to find the command to grant just CREATE VIEW privilege to be granted to u2.
I will appreciate anu help on this.
Thanks,
Sarwar
M Sarwar <sarwarmd02@outlook.com> writes: > I want user u2 to have only CREATE VIEW privilege in schema s2. I do not want u2 to create any other type of objects ins2 schema. > I am unable to find the command to grant just CREATE VIEW privilege to be granted to u2. There is no such privilege, and we're quite unlikely to invent one, because it would be outside the SQL standard's privilege model. You could probably enforce a requirement like this with a custom event trigger. But I'd encourage you to rethink why you think this is a good idea. regards, tom lane
Hi Tom,
It is not just my idea. We have 1 such requirement now.
I am ready to think if that is going to help.
We need to provide limited access to a team which is outside of our core project team.
Can you point me to a sample trigger like which you mentioned?
Thanks,
Sarwar
From: Tom Lane <tgl@sss.pgh.pa.us>
Sent: Wednesday, May 3, 2023 7:28 PM
To: M Sarwar <sarwarmd02@outlook.com>
Cc: pgsql-admin@lists.postgresql.org <pgsql-admin@lists.postgresql.org>
Subject: Re: Just View create privilege to user user2
Sent: Wednesday, May 3, 2023 7:28 PM
To: M Sarwar <sarwarmd02@outlook.com>
Cc: pgsql-admin@lists.postgresql.org <pgsql-admin@lists.postgresql.org>
Subject: Re: Just View create privilege to user user2
M Sarwar <sarwarmd02@outlook.com> writes:
> I want user u2 to have only CREATE VIEW privilege in schema s2. I do not want u2 to create any other type of objects in s2 schema.
> I am unable to find the command to grant just CREATE VIEW privilege to be granted to u2.
There is no such privilege, and we're quite unlikely to invent one,
because it would be outside the SQL standard's privilege model.
You could probably enforce a requirement like this with a custom
event trigger. But I'd encourage you to rethink why you think this
is a good idea.
regards, tom lane
> I want user u2 to have only CREATE VIEW privilege in schema s2. I do not want u2 to create any other type of objects in s2 schema.
> I am unable to find the command to grant just CREATE VIEW privilege to be granted to u2.
There is no such privilege, and we're quite unlikely to invent one,
because it would be outside the SQL standard's privilege model.
You could probably enforce a requirement like this with a custom
event trigger. But I'd encourage you to rethink why you think this
is a good idea.
regards, tom lane
> On 04/05/2023 01:07 CEST M Sarwar <sarwarmd02@outlook.com> wrote: > > I want user u2 to have only CREATE VIEW privilege in schema s2. I do not want > u2 to create any other type of objects in s2 schema. You can setup a second database db2 just for u2 and have them access your database db1 via foreign tables. u2 still only has the SELECT privilege in db1 but can create objects in db2 and mess it up as they see fit. If you go with a single database and event triggers as Tom wrote you must also consider function security[0]. Otherwise u2 can override relations in s1 just by creating compatible views in s2 and set search_path=s2,s1. u2 can thus inject data into functions that have no explicit search_path. [0] https://www.postgresql.org/docs/current/perm-functions.html -- Erik
Erik,
Instead of going thru second database db2 which is giving any object creation privilege, I may just stay with single databse db1 with second user u2 with full privilege in this schema s2. That way I do not need to provide additional resource of the database db2.
My idea is to not to give any privilege other than CREATE VIEWs to u2.
Thanks,
Sarwar
From: Erik Wienhold <ewie@ewie.name>
Sent: Thursday, May 4, 2023 5:08 AM
To: M Sarwar <sarwarmd02@outlook.com>; pgsql-admin@lists.postgresql.org <pgsql-admin@lists.postgresql.org>
Subject: Re: Just View create privilege to user user2
Sent: Thursday, May 4, 2023 5:08 AM
To: M Sarwar <sarwarmd02@outlook.com>; pgsql-admin@lists.postgresql.org <pgsql-admin@lists.postgresql.org>
Subject: Re: Just View create privilege to user user2
> On 04/05/2023 01:07 CEST M Sarwar <sarwarmd02@outlook.com> wrote:
>
> I want user u2 to have only CREATE VIEW privilege in schema s2. I do not want
> u2 to create any other type of objects in s2 schema.
You can setup a second database db2 just for u2 and have them access your
database db1 via foreign tables. u2 still only has the SELECT privilege in db1
but can create objects in db2 and mess it up as they see fit.
If you go with a single database and event triggers as Tom wrote you must also
consider function security[0]. Otherwise u2 can override relations in s1 just
by creating compatible views in s2 and set search_path=s2,s1. u2 can thus
inject data into functions that have no explicit search_path.
[0] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.postgresql.org%2Fdocs%2Fcurrent%2Fperm-functions.html&data=05%7C01%7C%7Cd1e2268f4b4145d9459908db4c7f2f1e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638187881350467541%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=QjKvSInpN%2BFoIvbgJPyqdM3qA0dHtnUgzcSbzmPRq1k%3D&reserved=0
--
Erik
>
> I want user u2 to have only CREATE VIEW privilege in schema s2. I do not want
> u2 to create any other type of objects in s2 schema.
You can setup a second database db2 just for u2 and have them access your
database db1 via foreign tables. u2 still only has the SELECT privilege in db1
but can create objects in db2 and mess it up as they see fit.
If you go with a single database and event triggers as Tom wrote you must also
consider function security[0]. Otherwise u2 can override relations in s1 just
by creating compatible views in s2 and set search_path=s2,s1. u2 can thus
inject data into functions that have no explicit search_path.
[0] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.postgresql.org%2Fdocs%2Fcurrent%2Fperm-functions.html&data=05%7C01%7C%7Cd1e2268f4b4145d9459908db4c7f2f1e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638187881350467541%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=QjKvSInpN%2BFoIvbgJPyqdM3qA0dHtnUgzcSbzmPRq1k%3D&reserved=0
--
Erik