Обсуждение: postgres 8.1 usermanagement problem
Hallo to all! I use Postgres 8.1 and i've got problem in its usermanagement.
Here is me roles list:
nausd=# \du
List of roles
Role name | Superuser | Create role | Create DB | Connections | Member of
-------------+-----------+-------------+-----------+-------------+--------------
dss0 | yes | yes | yes | no limit |
georgyd | no | no | no | no limit | {nausd_read}
joe | no | no | no | no limit |
nausd | no | no | no | no limit |
nausd_read | no | no | no | no limit |
postgres | yes | yes | yes | no limit |
sagach_user | no | no | no | no limit |
system | no | no | no | no limit |
testgrp | no | no | no | no limit |
testus | no | no | no | no limit | {testgrp}
ttest | no | no | no | no limit |
(11 rows)
testus - user is a member of the testgrp
Then I changed permission in table tbl_a_a_container from database nausd:
nausd=# \z
Access privileges for database "nausd"
Schema | Name | Type | Access privileges
--------+--------------------------------+----------+----------------------------------------------------------------
public | tbl_a_a_container | table | {nausd=arwdRxt/nausd,nausd_read=r/nausd,testgrp=arwdRxt/nausd}
So, we can see all rights for group testgrp and correspondingly for testus.
But when I logging to databes nausd with user testus and try to select from tbl_a_a_container - I got error: permission denied for relation tbl_a_a_container
What's wrong?
Here is me roles list:
nausd=# \du
List of roles
Role name | Superuser | Create role | Create DB | Connections | Member of
-------------+-----------+-------------+-----------+-------------+--------------
dss0 | yes | yes | yes | no limit |
georgyd | no | no | no | no limit | {nausd_read}
joe | no | no | no | no limit |
nausd | no | no | no | no limit |
nausd_read | no | no | no | no limit |
postgres | yes | yes | yes | no limit |
sagach_user | no | no | no | no limit |
system | no | no | no | no limit |
testgrp | no | no | no | no limit |
testus | no | no | no | no limit | {testgrp}
ttest | no | no | no | no limit |
(11 rows)
testus - user is a member of the testgrp
Then I changed permission in table tbl_a_a_container from database nausd:
nausd=# \z
Access privileges for database "nausd"
Schema | Name | Type | Access privileges
--------+--------------------------------+----------+----------------------------------------------------------------
public | tbl_a_a_container | table | {nausd=arwdRxt/nausd,nausd_read=r/nausd,testgrp=arwdRxt/nausd}
So, we can see all rights for group testgrp and correspondingly for testus.
But when I logging to databes nausd with user testus and try to select from tbl_a_a_container - I got error: permission denied for relation tbl_a_a_container
What's wrong?
Did you check the option "Inherits rights from parent roles" (parameter
INHERIT in SQL) for user testus ?
Dmitry Shubin rašė:
> Hallo to all! I use Postgres 8.1 and i've got problem in its
> usermanagement.
>
> Here is me roles list:
> nausd=# \du
> List of roles
> Role name | Superuser | Create role | Create DB | Connections | Member of
> -------------+-----------+-------------+-----------+-------------+--------------
> dss0 | yes | yes | yes | no limit |
> georgyd | no | no | no | no limit | {nausd_read}
> joe | no | no | no | no limit |
> nausd | no | no | no | no limit |
> nausd_read | no | no | no | no limit |
> postgres | yes | yes | yes | no limit |
> sagach_user | no | no | no | no limit |
> system | no | no | no | no limit |
> testgrp | no | no | no | no limit |
> testus | no | no | no | no limit | {testgrp}
> ttest | no | no | no | no limit |
> (11 rows)
>
> testus - user is a member of the testgrp
>
> Then I changed permission in table tbl_a_a_container from database nausd:
>
> nausd=# \z
> Access privileges for database "nausd"
> Schema | Name | Type | Access privileges
> --------+--------------------------------+----------+----------------------------------------------------------------
> public | tbl_a_a_container | table |
> {nausd=arwdRxt/nausd,nausd_read=r/nausd,testgrp=arwdRxt/nausd}
>
> So, we can see all rights for group testgrp and correspondingly for
> testus.
>
> But when I logging to databes nausd with user testus and try to select
> from tbl_a_a_container - I got error: permission denied for relation
> tbl_a_a_container
>
> What's wrong?
>
--
Julius Tuskenis
Thanks a lot, that was the problem!
On 4/15/08, Julius Tuskenis <julius@nsoft.lt> wrote:
Did you check the option "Inherits rights from parent roles" (parameter INHERIT in SQL) for user testus ?
Dmitry Shubin rašė:--Hallo to all! I use Postgres 8.1 and i've got problem in its usermanagement.
Here is me roles list:
nausd=# \du
List of roles
Role name | Superuser | Create role | Create DB | Connections | Member of
-------------+-----------+-------------+-----------+-------------+--------------
dss0 | yes | yes | yes | no limit |
georgyd | no | no | no | no limit | {nausd_read}
joe | no | no | no | no limit |
nausd | no | no | no | no limit |
nausd_read | no | no | no | no limit |
postgres | yes | yes | yes | no limit |
sagach_user | no | no | no | no limit |
system | no | no | no | no limit |
testgrp | no | no | no | no limit |
testus | no | no | no | no limit | {testgrp}
ttest | no | no | no | no limit |
(11 rows)
testus - user is a member of the testgrp
Then I changed permission in table tbl_a_a_container from database nausd:
nausd=# \z
Access privileges for database "nausd"
Schema | Name | Type | Access privileges
--------+--------------------------------+----------+----------------------------------------------------------------
public | tbl_a_a_container | table | {nausd=arwdRxt/nausd,nausd_read=r/nausd,testgrp=arwdRxt/nausd}
So, we can see all rights for group testgrp and correspondingly for testus.
But when I logging to databes nausd with user testus and try to select from tbl_a_a_container - I got error: permission denied for relation tbl_a_a_container
What's wrong?
Julius Tuskenis
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin