Обсуждение: Permission issues. Please help
I am stumped.
I have been trying to create some users/roles with privs and am having no luck. I have tried all the combinations of alter, grants etc with no luck.
Here is my issues.
database "mydb" in schema "public" is owned user1
there is also a user2 and user3
The problem is that if user1 create a table in the database user2 and user3 get permission denied for selects and inserts. etc ... And if user2 creates a table user1 and user3 get permission denied. etc ...
I need to have user1,2 and 3 have all the same privileges against any obeject in the database created by any of them.
Can someone give a high level approach to this please?
thanks
RG
Look up role in postgres , you can create a role and users to that role and give permission to the role.
On Mar 13, 2018 10:25 PM, "Richard Gbs" <richardgbs@yahoo.com> wrote:
I am stumped.I have been trying to create some users/roles with privs and am having no luck. I have tried all the combinations of alter, grants etc with no luck.Here is my issues.database "mydb" in schema "public" is owned user1there is also a user2 and user3The problem is that if user1 create a table in the database user2 and user3 get permission denied for selects and inserts. etc ... And if user2 creates a table user1 and user3 get permission denied. etc ...I need to have user1,2 and 3 have all the same privileges against any obeject in the database created by any of them.Can someone give a high level approach to this please?thanksRG
On Tuesday, March 13, 2018, Richard Gbs <richardgbs@yahoo.com> wrote:
I need to have user1,2 and 3 have all the same privileges against any obeject in the database created by any of them.Can someone give a high level approach to this please?
Create a group with all three as members. Have them assign ownership of created objects to said group.
Maybe not the most secure but should meet your stated goal.
David J.
On Tue, Mar 13, 2018 at 8:52 PM, David G. Johnston <david.g.johnston@gmail.com> wrote:
On Tuesday, March 13, 2018, Richard Gbs <richardgbs@yahoo.com> wrote:I need to have user1,2 and 3 have all the same privileges against any obeject in the database created by any of them.Can someone give a high level approach to this please?Create a group with all three as members. Have them assign ownership of created objects to said group.Maybe not the most secure but should meet your stated goal.David J.
default privileges might also prove useful in making a setup like this easier to maintain over the long-term.
e.g.
ALTER DEFAULT PRIVILEGES FOR USER user1 IN SCHEMA public GRANT SELECT ON TABLES TO user2;
YMMV, but something like this would ensure that user2 is automatically granted SELECT on any tables created by user1 in schema public.
Combine with role inheritance to help cut down on the number of total default privs required
\ddp to view default privs
Hi, Probably you need to grant permission like this
GRANT SELECT ON ALL TABLES IN SCHEMA public TO user1;GRANT SELECT ON ALL TABLES IN SCHEMA public TO user2;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO user3;______________________
Saludos Ing. Ricardo Martín Gomez
DBA - SysAdmin
De: Steven Crandell <steven.crandell@gmail.com>
Enviado: miércoles, 14 de marzo de 2018 01:23 a.m.
Para: Richard Gbs
Cc: pgsql-admin@lists.postgresql.org
Asunto: Re: Permission issues. Please help
Enviado: miércoles, 14 de marzo de 2018 01:23 a.m.
Para: Richard Gbs
Cc: pgsql-admin@lists.postgresql.org
Asunto: Re: Permission issues. Please help
On Tue, Mar 13, 2018 at 8:52 PM, David G. Johnston <david.g.johnston@gmail.com> wrote:
On Tuesday, March 13, 2018, Richard Gbs <richardgbs@yahoo.com> wrote:I need to have user1,2 and 3 have all the same privileges against any obeject in the database created by any of them.Can someone give a high level approach to this please?Create a group with all three as members. Have them assign ownership of created objects to said group.Maybe not the most secure but should meet your stated goal.David J.
default privileges might also prove useful in making a setup like this easier to maintain over the long-term.
e.g.
ALTER DEFAULT PRIVILEGES FOR USER user1 IN SCHEMA public GRANT SELECT ON TABLES TO user2;
YMMV, but something like this would ensure that user2 is automatically granted SELECT on any tables created by user1 in schema public.
Combine with role inheritance to help cut down on the number of total default privs required
\ddp to view default privs