Re: [ADMIN] Roles and Privileges

Поиск
Список
Период
Сортировка
От Samed YILDIRIM
Тема Re: [ADMIN] Roles and Privileges
Дата
Msg-id 1749171495720873@web27o.yandex.ru
обсуждение исходный текст
Ответ на [ADMIN] Roles and Privileges  (JC Putter <jcputter@gmail.com>)
Список pgsql-admin
Hi JC,
 
I try creating a test environment like your question. I guess adapting following scenario to your environment solves your problem.
 
Create roles (users and group)
CREATE ROLE ahmet LOGIN;
CREATE ROLE samed LOGIN;
CREATE ROLE mail_list_group;
 
GRANT mail_list_group TO ahmet;
GRANT mail_list_group TO samed;
 
Create schema
CREATE SCHEMA mail_list
  AUTHORIZATION mail_list_group;
 
Alter default permissions for users and schema
ALTER DEFAULT PRIVILEGES FOR ROLE samed IN SCHEMA mail_list
    GRANT ALL ON TABLES
    TO mail_list_group WITH GRANT OPTION;
ALTER DEFAULT PRIVILEGES FOR ROLE samed IN SCHEMA mail_list
    GRANT ALL ON SEQUENCES
    TO mail_list_group WITH GRANT OPTION;
ALTER DEFAULT PRIVILEGES FOR ROLE samed IN SCHEMA mail_list
    GRANT ALL ON FUNCTIONS
    TO mail_list_group WITH GRANT OPTION;
 
ALTER DEFAULT PRIVILEGES FOR ROLE ahmet IN SCHEMA mail_list
    GRANT ALL ON TABLES
    TO mail_list_group WITH GRANT OPTION;
ALTER DEFAULT PRIVILEGES FOR ROLE ahmet IN SCHEMA mail_list
    GRANT ALL ON SEQUENCES
    TO mail_list_group WITH GRANT OPTION;
ALTER DEFAULT PRIVILEGES FOR ROLE ahmet IN SCHEMA mail_list
    GRANT ALL ON FUNCTIONS
    TO mail_list_group WITH GRANT OPTION;
 
 
Create table as samed and insert dumy data.
atp=> create table mail_list.t1 (c1 int);
CREATE TABLE
atp=> insert into t1 select generate_series(1,100);
INSERT 0 100
 
Select table as ahmet
atp=> select * from mail_list.t1 limit 5;
 c1
----
  1
  2
  3
  4
  5
(5 rows)
 
Drop table as ahmet
atp=> drop table mail_list.t1;
DROP TABLE
 
Best regards.
Samed YILDIRIM
 
 
 
25.05.2017, 13:22, "JC Putter" <jcputter@gmail.com>:
Hi,
 
I would like to setup a new schema on an existing database and grant a set of users full control to the schema.
 
I've done the following and would appreciate help as I'm not getting the behavior I was hoping for.
 
I create a new group role and added members to the role then granted the role all privileges to the schema. 
 
When users create tables the table owner it set to the user instead of the role and I have to grant each newly created table before other members can access it.  
 
I've altered the default privileges however it seems to not have an effect. Someone pointed out that users would need to SET ROLE before creating tables, is this the only possible way or it there another way to achieve this?
 
Thank you in advance 

В списке pgsql-admin по дате отправления:

Предыдущее
От: JC Putter
Дата:
Сообщение: [ADMIN] Roles and Privileges
Следующее
От: Ravi Tammineni
Дата:
Сообщение: [ADMIN] Monitoring tool for Postgres Database