Обсуждение: GRANT

Поиск
Список
Период
Сортировка

GRANT

От
Joakim Bomelin
Дата:
Hi.
I have currently changed from MySQL to PostgreSQL, and there is one
thing I'm not really getting...
When I create a new databse (with creatbd), all users are able to create
tables in this database. They are, how ever, not able to execute
commands on one another's tables, unless there are privileges set.
In MySQL I am able to set privileges on databases so user Ben can't
access user Stephen's database, but I can't work that out in pgsql. Is
it just me, or is GRANT only working for tables?

Thanks in advance.

--
Joakim Bomelin
Gröna Verket AB
040-691 91 36

Re: GRANT

От
Michelle Murrain
Дата:
On Thursday 10 May 2001 05:45 am, Joakim Bomelin wrote:
> Hi.
> I have currently changed from MySQL to PostgreSQL, and there is one
> thing I'm not really getting...
> When I create a new databse (with creatbd), all users are able to create
> tables in this database. They are, how ever, not able to execute
> commands on one another's tables, unless there are privileges set.
> In MySQL I am able to set privileges on databases so user Ben can't
> access user Stephen's database, but I can't work that out in pgsql. Is
> it just me, or is GRANT only working for tables?

My understanding is that if Ben created a database and Stephen created a
database, unless Ben gave permisssion to Stephen to do something with tables
via GRANT, Stephen can only see the schema of Ben's database, but can't get
access to any data or add any data on any tables. He can, however, add
tables, as you say.

You can, however, use pg_hba.conf to much more specifically give permissions
to users. I haven't tried to do what you are trying to get at, but I think
looking at pg_hba.conf will help.

Michelle
--
------------
Michelle Murrain, Ph.D.
President
Norwottuck Technology Resources
mpm@norwottuck.com
http://www.norwottuck.com

Re: GRANT

От
Tom Lane
Дата:
Joakim Bomelin <jbm@gronaverket.se> writes:
> In MySQL I am able to set privileges on databases so user Ben can't
> access user Stephen's database, but I can't work that out in pgsql. Is
> it just me, or is GRANT only working for tables?

If you don't want Ben to get into Stephen's database at all, set up
connection permissions (pg_hba.conf) to prevent it.  GRANT only operates
within a database, it does not control connection permissions.

            regards, tom lane