Participants
Magnus Hagander
Magnus Hagander
Jim Nasby
Jim Nasby
Bruce Momjian
Bruce Momjian
Attachments
Show all attachments
Thread Outline
#1Magnus HaganderMagnus Hagander
Dec 30, 2005
#2Jim NasbyJim Nasbyto Magnus Hagander (#1)
Jan 03, 2006
#3Bruce MomjianBruce Momjianto Jim Nasby (#2)
Feb 14, 2006

Permissions vs SERIAL columns

Started by Magnus Haganderover 20 years ago3 messageshackers
Jump to latest
#1Magnus Hagander
Magnus Hagander
magnus@hagander.net

Haven't seen this discussed in a while, but I do recall it being
mentioned sometime before...

The problem:
testdb=# create table mytable (id serial, txt text);
testdb=# grant insert on mytable to user2;
GRANT
testdb=# \connect testdb user2
You are now connected to database "testdb" as user "user2".
testdb=> insert into mytable (txt) values ('foobar');
ERROR: permission denied for sequence mytable_id_seq

What I'd like to happen is for the grant for INSERT on the table to
cascade into an UPDATE permission on the sequence (when associated with
a SERIAL column only, of course).

Coming from a different database, such as MSSQL, makes people forget
this very easily, and it becomes very annoying.

Is this something that can be done without too much work? Anything you
can do in current pg even, just me not knowing how?

//Magnus

#2Jim Nasby
Jim Nasby
Jim.Nasby@BlueTreble.com
In reply to: Magnus Hagander (#1)
Re: Permissions vs SERIAL columns

If nothing else, this should at least be documented in
http://www.postgresql.org/docs/8.1/interactive/datatype.html#DATATYPE-SERIAL

On Fri, Dec 30, 2005 at 07:32:18PM +0100, Magnus Hagander wrote:

Haven't seen this discussed in a while, but I do recall it being
mentioned sometime before...

The problem:
testdb=# create table mytable (id serial, txt text);
testdb=# grant insert on mytable to user2;
GRANT
testdb=# \connect testdb user2
You are now connected to database "testdb" as user "user2".
testdb=> insert into mytable (txt) values ('foobar');
ERROR: permission denied for sequence mytable_id_seq

What I'd like to happen is for the grant for INSERT on the table to
cascade into an UPDATE permission on the sequence (when associated with
a SERIAL column only, of course).

Coming from a different database, such as MSSQL, makes people forget
this very easily, and it becomes very annoying.

Is this something that can be done without too much work? Anything you
can do in current pg even, just me not knowing how?

//Magnus

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly

--
Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461

#3Bruce Momjian
Bruce Momjian
bruce@momjian.us
In reply to: Jim Nasby (#2)
Re: Permissions vs SERIAL columns

Jim C. Nasby wrote:

If nothing else, this should at least be documented in
http://www.postgresql.org/docs/8.1/interactive/datatype.html#DATATYPE-SERIAL

I looked at this URL and just didn't see a good place to talk about
SERIAL sequence permissions, so I added something to the GRANT manual
page, attached.

---------------------------------------------------------------------------

On Fri, Dec 30, 2005 at 07:32:18PM +0100, Magnus Hagander wrote:

Haven't seen this discussed in a while, but I do recall it being
mentioned sometime before...

The problem:
testdb=# create table mytable (id serial, txt text);
testdb=# grant insert on mytable to user2;
GRANT
testdb=# \connect testdb user2
You are now connected to database "testdb" as user "user2".
testdb=> insert into mytable (txt) values ('foobar');
ERROR: permission denied for sequence mytable_id_seq

What I'd like to happen is for the grant for INSERT on the table to
cascade into an UPDATE permission on the sequence (when associated with
a SERIAL column only, of course).

Coming from a different database, such as MSSQL, makes people forget
this very easily, and it becomes very annoying.

Is this something that can be done without too much work? Anything you
can do in current pg even, just me not knowing how?

//Magnus

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly

--
Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Attachments:

/bjm/difftext/plainDownload+7-0
← Back to Topics