Does a GRANT on a table cascade/implied to its SEQUENCES

"Roderick A. Anderson" <raanders@acm.org> writes:

I've add a new user and as I go though granting various accesses to the
different tables I realized many of those tables have primary keys that
are generated by a sequence.

Do I need to grant access on the sequences and what type of access --
SELECT for sure but what about UPDATE -- for each of the tables I've
granted the user access to?

Right now, GRANT on a table doesn't do anything about subsidiary
sequences. (There have been discussions about changing that, but
nothing's happened yet.) So if you want someone to be able to INSERT
into a table with a serial column, you need to give them UPDATE rights
on the sequence. Offhand I see no direct reason why they'd need SELECT
rights on the sequence, but maybe they do.

regards, tom lane

Tom Lane wrote:

"Roderick A. Anderson" <raanders@acm.org> writes:

I've add a new user and as I go though granting various accesses to the
different tables I realized many of those tables have primary keys that
are generated by a sequence.

Do I need to grant access on the sequences and what type of access --
SELECT for sure but what about UPDATE -- for each of the tables I've
granted the user access to?

Right now, GRANT on a table doesn't do anything about subsidiary
sequences. (There have been discussions about changing that, but
nothing's happened yet.) So if you want someone to be able to INSERT
into a table with a serial column, you need to give them UPDATE rights
on the sequence. Offhand I see no direct reason why they'd need SELECT
rights on the sequence, but maybe they do.

Thanks for the clarification Tom.

Rod
--