grants

Started by Edgar Maresalmost 22 years ago6 messages

Edgar Mares

edgarmaf@ife.org.mx

almost 22 years ago

hi there i'm having troubles to find how to

GRANT SELECT ON all-tables-onmydb TO specificuser

this is just to give the access to "specificuser" to query the
database and find troubles on it

thnx for your time

Christopher Kings-Lynne

chriskl@familyhealth.com.au

almost 22 years ago

In reply to: Edgar Mares (#1)

Re: grants

hi there i'm having troubles to find how to
GRANT SELECT ON all-tables-onmydb TO specificuser

There isn't any such command. You need to write a stored procedure to
do it for you in a loop.

Chris

Andreas Pflug

pgadmin@pse-consulting.de

almost 22 years ago

In reply to: Edgar Mares (#1)

Re: grants

Edgar Mares wrote:

hi there i'm having troubles to find how to
GRANT SELECT ON all-tables-onmydb TO specificuser

this is just to give the access to "specificuser" to query the
database and find troubles on it

pgAdmin II has a tool for that (Security wizard; pgAdmin III has it on
the todo-list)

Regards,
Andreas

Kris Jurka

books@ejurka.com

almost 22 years ago

In reply to: Andreas Pflug (#3)

Re: grants

On Wed, 10 Mar 2004, Andreas Pflug wrote:

Edgar Mares wrote:

hi there i'm having troubles to find how to
GRANT SELECT ON all-tables-onmydb TO specificuser

this is just to give the access to "specificuser" to query the
database and find troubles on it

pgAdmin II has a tool for that (Security wizard; pgAdmin III has it on
the todo-list)

The problem that cannot be solved with either this or a function that
loops and grants on each table is that it is not a permanent grant of what
the admin had in mind. If a new table is added or an existing table is
dropped and recreated, the grants must be done again. The real use of a
SELECT ANY TABLE permission is ignorance of schema updates.

Kris Jurka

Andreas Pflug

pgadmin@pse-consulting.de

almost 22 years ago

In reply to: Kris Jurka (#4)

Re: grants

Kris Jurka wrote:

On Wed, 10 Mar 2004, Andreas Pflug wrote:

Edgar Mares wrote:

hi there i'm having troubles to find how to
GRANT SELECT ON all-tables-onmydb TO specificuser

this is just to give the access to "specificuser" to query the
database and find troubles on it

pgAdmin II has a tool for that (Security wizard; pgAdmin III has it on
the todo-list)

The problem that cannot be solved with either this or a function that
loops and grants on each table is that it is not a permanent grant of what
the admin had in mind. If a new table is added or an existing table is
dropped and recreated, the grants must be done again. The real use of a
SELECT ANY TABLE permission is ignorance of schema updates.

Hm, does this exist in other DBMS?
As soon as roles are implemented, there might be a default role
('public') for this. Until then, using groups solves most of the
problems (well, you certainly still need to GRANT rights to your
preferred group).

Regards,
Andreas

Kris Jurka

books@ejurka.com

almost 22 years ago

In reply to: Andreas Pflug (#5)

Re: grants

On Wed, 10 Mar 2004, Andreas Pflug wrote:

Kris Jurka wrote:

On Wed, 10 Mar 2004, Andreas Pflug wrote:

The problem that cannot be solved with either this or a function that
loops and grants on each table is that it is not a permanent grant of what
the admin had in mind. If a new table is added or an existing table is
dropped and recreated, the grants must be done again. The real use of a
SELECT ANY TABLE permission is ignorance of schema updates.

Hm, does this exist in other DBMS?
As soon as roles are implemented, there might be a default role
('public') for this. Until then, using groups solves most of the
problems (well, you certainly still need to GRANT rights to your
preferred group).

Groups help, but only if you want to GRANT to more than one user, and you
still need to do it on after schema changes. I know this is implemented
in at least Oracle, SELECT ANY TABLE is in fact the permission
name used.

Kris Jurka