Question about schema-level permissions

Started by Mike Christensenalmost 14 years ago3 messagesgeneral

mike@kitchenpc.com

almost 14 years ago

I've created a schema called Indexer and a user called Indexer. I
then grant Indexer ALL on said schema:

GRANT ALL ON SCHEMA Indexer TO "Indexer";

Next, I attempt to INSERT into Indexer.ParseErrors, I get a permission
denied error message. However, if I specifically grant Indexer INSERT
permissions:

GRANT INSERT ON Indexer.ParseErrors TO "Indexer";

Then everything works.

Am I missing something? Doesn't GRANT ALL mean that user can do
anything they want with objects in that schema, including inserts?
Thanks!

Mike

Christophe Pettus

xof@thebuild.com

almost 14 years ago

In reply to: Mike Christensen (#1)

Re: Question about schema-level permissions

On May 10, 2012, at 9:16 PM, Mike Christensen wrote:

Am I missing something? Doesn't GRANT ALL mean that user can do
anything they want with objects in that schema, including inserts?

No, it means that user has all privileges on *schema itself*; the objects inside of it have their own permissions. What you are looking for is:

GRANT ALL ON ALL TABLES IN SCHEMA Indexer TO Indexer;

--
-- Christophe Pettus
xof@thebuild.com

Mike Christensen

mike@kitchenpc.com

almost 14 years ago

In reply to: Christophe Pettus (#2)

Re: Question about schema-level permissions

Excellent, thanks so much!

Mike

Show quoted text

On Thu, May 10, 2012 at 9:38 PM, Christophe Pettus <xof@thebuild.com> wrote:

On May 10, 2012, at 9:16 PM, Mike Christensen wrote:

Am I missing something? Doesn't GRANT ALL mean that user can do
anything they want with objects in that schema, including inserts?

No, it means that user has all privileges on *schema itself*; the objects inside of it have their own permissions. What you are looking for is:

GRANT ALL ON ALL TABLES IN SCHEMA Indexer TO Indexer;

--
-- Christophe Pettus
xof@thebuild.com