Re: ALTER DEFAULT PRIVILEGES FOR ROLE

Поиск
Список
Период
Сортировка
От Adrian Klaver
Тема Re: ALTER DEFAULT PRIVILEGES FOR ROLE
Дата
Msg-id 11eb0d12-22fd-f662-f8ac-722e741ceeec@aklaver.com
обсуждение исходный текст
Ответ на ALTER DEFAULT PRIVILEGES FOR ROLE  ("Hilbert, Karin" <ioh1@psu.edu>)
Список pgsql-general
Дерево обсуждения 
On 1/30/19 10:57 AM, Hilbert, Karin wrote:
> After a database was updated by the application, a schema dump showed 
> the following default privilege statements:
> 
> --
> -- Name: DEFAULT PRIVILEGES FOR SEQUENCES; Type: DEFAULT ACL; Schema: 
> public; Owner: gitlab_dbo
> --
> 
> ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public REVOKE ALL 
> ON SEQUENCES  FROM <dbowner>;
> ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public GRANT 
> SELECT,USAGE ON SEQUENCES  TO <appuser>;
> 
> 
> --
> -- Name: DEFAULT PRIVILEGES FOR TABLES; Type: DEFAULT ACL; Schema: 
> public; Owner: <dbowner>
> --
> 
> ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public REVOKE ALL 
> ON TABLES  FROM <dbowner>;
> ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public GRANT 
> SELECT,INSERT,DELETE,UPDATE ON TABLES  TO <appuser>;
> 
> Why would you want to revoke all privileges from the dbowner?

You would have to ask the application developer.

> It actually had granted the privileges to PUBLIC, but I revoked those 
> privileges & changed it to the app account.

This seems to be a continuation of your previous post. It would seem you 
and the application developer need to have a head to head and agree on 
what the privilege/permissions policy for this application/database 
needs to be.

> 
> 
> What is the difference between these statements?:
> ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public GRANT ...  
> TO <appuser>;
> ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ... TO <appuser>;

The first is keyed to a ROLE, the second to a SCHEMA.
> 
> 
> 
> Karin Hilbert
> Database Specialist
> Administrative Information Services
> Pennsylvania State University
> 25 Shields Bldg., University Park, PA  16802
> Work - 814-863-3633
> Email - ioh1@psu.edu
> IM - ioh1@chat.psu.edu
> 


-- 
Adrian Klaver
adrian.klaver@aklaver.com

В списке pgsql-general по дате отправления:

Предыдущее
От: "Hilbert, Karin"
Дата:
Сообщение: ALTER DEFAULT PRIVILEGES FOR ROLE
Следующее
От: "David Kremer"
Дата:
Сообщение: Java's org.postgresql.util.PSQLState is missing common PostgreSQLError Codes