access privileges: grant select on (all current and future tables)?
how'd i "grant select on (all current and future tables inside a
private schema) to username" without turning that user into superuser?
"grant usage on..." doesn't do it.
or do i, everytime i batch/auto create the tables, do a "grant select
on (new table) to username"?
http://www.postgresql.org/docs/8.1/static/sql-grant.html
CREATE: For schemas, allows new objects to be created within the
schema. To rename an existing object, you must own the object and have
this privilege for the containing schema.
USAGE: For schemas, allows access to objects contained in the
specified schema (assuming that the objects' own privilege
requirements are also met). Essentially this allows the grantee to
"look up" objects within the schema.
using 8.1.4
cheers, jzs
On 9/27/07, John Smith <jayzee.smith@gmail.com> wrote:
how'd i "grant select on (all current and future tables inside a
private schema) to username" without turning that user into superuser?
"grant usage on..." doesn't do it.or do i, everytime i batch/auto create the tables, do a "grant select
on (new table) to username"?
ok did some more googling. seems like "grant" is not the strongest
feature of postgresql yet.
for those who follow:
"grant select on schemaname.tablename..." alone works. gotto
explicitly mention tablename via trigger/script since schema privilege
is separate from table privilige.
and "grant usage on new tables in schema..." doesn't exist yet. which
leads to my next question (see
http://svr5.postgresql.org/pgsql-hackers/2005-01/msg01070.php)- are we
there yet?
also how'd i find access privileges for a schema. something like "\z
schemaname" not "\dp schemaname."?
cheers, jzs
On 9/27/07, John Smith <jayzee.smith@gmail.com> wrote:
On 9/27/07, John Smith <jayzee.smith@gmail.com> wrote:
how'd i "grant select on (all current and future tables inside a
private schema) to username" without turning that user into superuser?
"grant usage on..." doesn't do it.or do i, everytime i batch/auto create the tables, do a "grant select
on (new table) to username"?also how'd i find access privileges for a schema. something like "\z
schemaname" not "\dp schemaname."?
ok let me ask this one other way:
when i "drop user username" which system tables does it access to then reply:
ERROR: role "username" cannot be dropped...
DETAIL: access to schema schemaname
where is this "access to schema..." info stored?
John Smith escribi�:
On 9/27/07, John Smith <jayzee.smith@gmail.com> wrote:
On 9/27/07, John Smith <jayzee.smith@gmail.com> wrote:
how'd i "grant select on (all current and future tables inside a
private schema) to username" without turning that user into superuser?
"grant usage on..." doesn't do it.or do i, everytime i batch/auto create the tables, do a "grant select
on (new table) to username"?also how'd i find access privileges for a schema. something like "\z
schemaname" not "\dp schemaname."?ok let me ask this one other way:
when i "drop user username" which system tables does it access to then reply:
ERROR: role "username" cannot be dropped...
DETAIL: access to schema schemanamewhere is this "access to schema..." info stored?
pg_shdepend
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
John Smith wrote:
and "grant usage on new tables in schema..." doesn't exist yet. which
leads to my next question (see
http://svr5.postgresql.org/pgsql-hackers/2005-01/msg01070.php)- are we
there yet?
If I understand your question, you cannot grant "anticipatory"
privileges to tables which do not yet exist, which I discovered in
this thread:
http://archives.postgresql.org/pgsql-general/2007-02/msg00911.php
If you follow the thread, you'll find that one reply pointed to some
existing functions for managing this stuff. I found these useful.
- John D. Burger
MITRE