Обсуждение: multiple roles for a user ?
Hello,
I have a simple question to ask :
Is it possible to give multiple roles to the same user?
for example :
1. a general role "RoleA" for most users, for "grants and revokes" on certain tables and certain columns.
2. plus a role "Role_user" particular for each of them for its additional personal access
with "grants" and "revokes" on other tables and columns.
Thanks.
Regards.
Etienne DECHERF
SOPRA STERIA
for APHP Paris
Yes it is.
stanton schmidt
Database Administrator
RGL
direct. 920.471.4495 cell 920.660.1828
RGL
GO AHEAD. ASK WHAT IF.
www.RGLlogistics.co m
www.RGLlogistics.co m
From: "DECHERF Étienne" <etienne.decherf-ext@aphp.fr>
To: "pgsql-sql" <pgsql-sql@lists.postgresql.org>
Sent: Monday, November 5, 2018 5:15:08 AM
Subject: multiple roles for a user ?
To: "pgsql-sql" <pgsql-sql@lists.postgresql.org>
Sent: Monday, November 5, 2018 5:15:08 AM
Subject: multiple roles for a user ?
Hello,
I have a simple question to ask :
Is it possible to give multiple roles to the same user? for example :
1. a general role "RoleA" for most users, for "grants and revokes" on certain tables and certain columns. 2. plus a role "Role_user" particular for each of them for its additional personal access
with "grants" and "revokes" on other tables and columns.
Thanks.
Regards.
Etienne DECHERF
SOPRA STERIA
for APHP Paris
Le lun. 5 nov. 2018 à 12:15, DECHERF Étienne <etienne.decherf-ext@aphp.fr> a écrit :
Hello,I have a simple question to ask :Is it possible to give multiple roles to the same user? for example :
1. a general role "RoleA" for most users, for "grants and revokes" on certain tables and certain columns. 2. plus a role "Role_user" particular for each of them for its additional personal access
with "grants" and "revokes" on other tables and columns.
Yes, though you can only grant privileges this way. Not revoke some.
--
Guillaume.
On Mon, Nov 5, 2018 at 6:25 AM Guillaume Lelarge <guillaume@lelarge.info> wrote: > > Le lun. 5 nov. 2018 à 12:15, DECHERF Étienne <etienne.decherf-ext@aphp.fr> a écrit : >> >> 2. plus a role "Role_user" particular for each of them for its additional personal access >> >> with "grants" and "revokes" on other tables and columns. >> Yes, though you can only grant privileges this way. Not revoke some. Phrased differently, "REVOKE" removes a previously GRANT'd permission; it does not setup a "denial of permission". The permission system in PostgreSQL is purely additive - roles start with zero permissions are strictly granted the ability to do things. You have to revoke permissions where they are granted originally when inheritance is in play. David J.