Discussion: Privileges on sequences


Privileges on sequences

From
FM
Date:
Hello,
We are using PGSQL 8.3.4

I have a problem granting privileges on a sequence.
If I grant all to the user I can do something like:
SELECT nextval('reflex_cited_reports_id');
SELECT nextval('reflex_cited_reports_id');
 nextval
----------
 40442939
(1 row)


BUT if I grant the same priv to the group (that includes the user):

SELECT nextval('reflex_cited_reports_id');
ERROR:  permission denied for sequence reflex_cited_reports_id

Some info:

canlii_integration_tests=# SELECT nextval('reflex_cited_reports_id');
 nextval
----------
 40442939
(1 row)

canlii_integration_tests=# SELECT * from pg_roles where rolname='soft_reflex_externe';
       rolname       | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcatupdate | rolcanlogin | rolconnlimit | rolpassword | rolvaliduntil | rolconfig |    oid
---------------------+----------+------------+---------------+-------------+--------------+-------------+--------------+-------------+---------------+-----------+-----------
 soft_reflex_externe | f        | f          | f             | f           | f            | t           |           -1 | ********    | infinity      |           | 820769731
(1 row)

canlii_integration_tests=# SELECT * from pg_group where groname='reflex_lecteurs';
     groname     | grosysid |                              grolist
-----------------+----------+-------------------------------------------------------------------
 reflex_lecteurs |    16431 | {16400,16409,16417,16418,16424,16434,16479,16499,16500,820769731}
(1 row)



Is it a bug? Or am I doing something wrong?

Regards,


Re: Privileges on sequences

From
Tom Lane
Date:
FM <dist-list@LEXUM.UMontreal.CA> writes:
> BUT if I grant the same priv to the group (that includes the user):
> SELECT nextval('reflex_cited_reports_id');
> ERROR:  permission denied for sequence reflex_cited_reports_id

Works for me ...

regression=# create sequence s1;
CREATE SEQUENCE
regression=# create user u1;
CREATE ROLE
regression=# \c - u1
You are now connected to database "regression" as user "u1".
regression=> select nextval('s1');
ERROR:  permission denied for sequence s1
regression=> \c - postgres
You are now connected to database "regression" as user "postgres".
regression=# create group g1;
CREATE ROLE
regression=# grant g1 to u1;
GRANT ROLE
regression=# grant all on sequence s1 to g1;
GRANT
regression=# \c - u1
You are now connected to database "regression" as user "u1".
regression=> select nextval('s1');
 nextval
---------
       1
(1 row)

regression=>

            regards, tom lane
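
An added example, not part of either message: the pg_roles output in the first message shows rolinherit = f for soft_reflex_externe, whereas a role made with a plain create user, as in the reply, gets INHERIT by default. The script below sets up both kinds of group member side by side and uses pg_has_role to tell them apart; all role and sequence names are constructed, and it assumes a superuser session in a scratch database.

```sql
-- Constructed names throughout (demo_seq, demo_readers, demo_noinherit,
-- demo_inherit). Run as a superuser in a scratch database.
CREATE SEQUENCE demo_seq;
CREATE ROLE demo_readers NOLOGIN;                -- plays the part of the group
GRANT ALL ON SEQUENCE demo_seq TO demo_readers;

CREATE ROLE demo_noinherit LOGIN NOINHERIT;      -- rolinherit = f
CREATE ROLE demo_inherit   LOGIN INHERIT;        -- rolinherit = t (the default)
GRANT demo_readers TO demo_noinherit, demo_inherit;

-- 'MEMBER' asks: is the role in the group, directly or indirectly?
-- 'USAGE'  asks: are the group's privileges in effect without SET ROLE?
SELECT rolname, rolinherit,
       pg_has_role(rolname, 'demo_readers'::name, 'MEMBER') AS is_member,
       pg_has_role(rolname, 'demo_readers'::name, 'USAGE')  AS group_privs_active
  FROM pg_roles
 WHERE rolname IN ('demo_noinherit', 'demo_inherit')
 ORDER BY rolname;

-- NOINHERIT member: the grant made to the group is not applied to the
-- session until the session explicitly switches to the group role.
SET SESSION AUTHORIZATION demo_noinherit;
SELECT nextval('demo_seq');      -- group grant not in effect here
SET ROLE demo_readers;
SELECT nextval('demo_seq');      -- group grant in effect after SET ROLE
RESET ROLE;
RESET SESSION AUTHORIZATION;

-- INHERIT member: the group's grant applies without any SET ROLE.
SET SESSION AUTHORIZATION demo_inherit;
SELECT nextval('demo_seq');
RESET SESSION AUTHORIZATION;

-- Making the group's privileges apply automatically to the first role.
ALTER ROLE demo_noinherit INHERIT;

-- Clean up the constructed objects.
DROP SEQUENCE demo_seq;
DROP ROLE demo_noinherit;
DROP ROLE demo_inherit;
DROP ROLE demo_readers;
```

Switching a role to INHERIT puts every privilege of every group it belongs to in effect at all times; keeping NOINHERIT and using SET ROLE where needed is the narrower option when the group carries more than the session should normally hold.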