Participants
Samuel Nelson
Samuel Nelson
David G. Johnston
David G. Johnston
Attachments
Show all attachments
Thread Outline
#1Samuel NelsonSamuel Nelson
Feb 04, 2021
#2David G. JohnstonDavid G. Johnstonto Samuel Nelson (#1)
Feb 04, 2021
#3Samuel NelsonSamuel Nelsonto David G. Johnston (#2)
Feb 04, 2021

Partition Creation Permissions

Started by Samuel Nelsonabout 5 years ago3 messagesgeneral
Jump to latest
#1Samuel Nelson
Samuel Nelson
valczir.darkvein@gmail.com

Hi list!

I've been trying to restrict permissions of some users in our system and
noticed that `create table foo partition of bar for values from (x) to (y)`
complains that I must be the owner of the table. Is there another GRANT I
can give to my user to allow creation and dropping of partitions without
allowing them to drop the parent table?

-Sam

https://git.sr.ht/~nelsam
https://github.com/nelsam

"As an adolescent I aspired to lasting fame, I craved factual certainty, and
I thirsted for a meaningful vision of human life -- so I became a scientist.
This is like becoming an archbishop so you can meet girls."
-- Matt Cartmill

#2David G. Johnston
David G. Johnston
david.g.johnston@gmail.com
In reply to: Samuel Nelson (#1)
Re: Partition Creation Permissions

On Thu, Feb 4, 2021 at 3:39 PM Samuel Nelson <valczir.darkvein@gmail.com>
wrote:

I've been trying to restrict permissions of some users in our system and
noticed that `create table foo partition of bar for values from (x) to (y)`
complains that I must be the owner of the table. Is there another GRANT I
can give to my user to allow creation and dropping of partitions without
allowing them to drop the parent table?

I doubt it...might want to consider writing a security definer function
that you can give them permission to run instead of having them do things
directly.

David J.

#3Samuel Nelson
Samuel Nelson
valczir.darkvein@gmail.com
In reply to: David G. Johnston (#2)
Re: Partition Creation Permissions

Ah, I didn't realize that was an option on the function. They're already
being created by a trigger (the table is partitioned on a foreign key, so
partitions are created by a trigger on the referenced table); it sounds
like I can just update that trigger function with `security definer`.

-Sam

https://git.sr.ht/~nelsam
https://github.com/nelsam

"As an adolescent I aspired to lasting fame, I craved factual certainty, and
I thirsted for a meaningful vision of human life -- so I became a scientist.
This is like becoming an archbishop so you can meet girls."
-- Matt Cartmill

On Thu, Feb 4, 2021 at 4:42 PM David G. Johnston <david.g.johnston@gmail.com>
wrote:

Show quoted text

On Thu, Feb 4, 2021 at 3:39 PM Samuel Nelson <valczir.darkvein@gmail.com>
wrote:

I've been trying to restrict permissions of some users in our system and
noticed that `create table foo partition of bar for values from (x) to (y)`
complains that I must be the owner of the table. Is there another GRANT I
can give to my user to allow creation and dropping of partitions without
allowing them to drop the parent table?

I doubt it...might want to consider writing a security definer function
that you can give them permission to run instead of having them do things
directly.

David J.

← Back to Topics