default privileges are npt working
Hi,
I have a postgres instance running on version 15 in centos7.
I have created a custom database and revoked all public privileges from
that database.
Then I have created a custom schema in that custom database.
Now I have created one writer *user* and one reader *user *by postgres
superuser and then granted connect privileges on the database.
Then I have given all privileges of schema level and table level to the
writer *user *so that it can create tables and insert data in the tables in
that schema.
And for reader *user * I have granted usage only privileges on schema level
and select privileges on table level so that it can only read the data of
tables.
Then I granted default "select" privileges to reader *user *to read data of
all tables created by writer *user* using below command:
alter default privileges in schema <custom schema> grant select on tables
to <reader user>.
but when I am connected to the reader user I am not able to read the data
inserted by the writer *user* and getting permission denied error.
I can only see the list of tables created by the writer user, not the data.
Am I missing something here? Please let me know.
*My Goal: To read the data by reader user inserted by writer user.*
Regards.
Hi.
I think the ALTER DEFAULT PRIVILEGES command affects only tables that are
created after the command is executed. Tables created by the writer user
before you executed the ALTER DEFAULT PRIVILEGES command would not
automatically have select privileges granted to the reader user. You can
try by explicitly granting select privileges on the existing tables to the
reader user.
On Fri, 30 Aug 2024 at 16:14, Atul Kumar <akumar14871@gmail.com> wrote:
Show quoted text
Hi,
I have a postgres instance running on version 15 in centos7.
I have created a custom database and revoked all public privileges from
that database.Then I have created a custom schema in that custom database.
Now I have created one writer *user* and one reader *user *by postgres
superuser and then granted connect privileges on the database.Then I have given all privileges of schema level and table level to the
writer *user *so that it can create tables and insert data in the tables
in that schema.And for reader *user * I have granted usage only privileges on schema
level and select privileges on table level so that it can only read the
data of tables.Then I granted default "select" privileges to reader *user *to read data
of all tables created by writer *user* using below command:alter default privileges in schema <custom schema> grant select on tables
to <reader user>.but when I am connected to the reader user I am not able to read the data
inserted by the writer *user* and getting permission denied error.I can only see the list of tables created by the writer user, not the data.
Am I missing something here? Please let me know.
*My Goal: To read the data by reader user inserted by writer user.*
Regards.
## Atul Kumar (akumar14871@gmail.com):
Then I granted default "select" privileges to reader *user *to read data of
all tables created by writer *user* using below command:alter default privileges in schema <custom schema> grant select on tables
to <reader user>.
"ALTER DEFAULT PRIVILEGES allows you to set the privileges that
will be applied to objects created in the future. (It does not affect
privileges assigned to already-existing objects.)"
That's the first two sentences from
https://www.postgresql.org/docs/current/sql-alterdefaultprivileges.html
If you want to grant/revoke access on existing objects, use plain
old GRANT/REVOKE: https://www.postgresql.org/docs/current/sql-grant.html
Regards,
Christoph
--
Spare Space.
On Friday, August 30, 2024, Atul Kumar <akumar14871@gmail.com> wrote:
I have a postgres instance running on version 15 in centos7.
I have created a custom database and revoked all public privileges from
that database.
Would be better to provide the actual psql script of what you’ve done
instead of writing it out in prose. That way the question of whether you’ve
done something wrong or not is directly and accurately answerable
David J.