Participants
Kirk Strauser
Kirk Strauser
Tom Lane
Tom Lane
Stephan Szabo
Stephan Szabo
Attachments
Show all attachments
Thread Outline
#1Kirk StrauserKirk Strauser
Dec 04, 2001
#2Tom LaneTom Laneto Kirk Strauser (#1)
Dec 04, 2001
#3...#4
Stephan SzaboKirk Strauser
to Kirk Strauser (#1)
Dec 04, 2001
#3Stephan SzaboStephan Szaboto Kirk Strauser (#1)
Dec 04, 2001
#4Kirk StrauserKirk Strauserto Stephan Szabo (#3)
Dec 04, 2001

Grant blanket permissions on a database

Started by Kirk Strauserover 24 years ago4 messagesgeneral
Jump to latest
#1Kirk Strauser
Kirk Strauser
kirk@nmotioninc.com

I am using PostgreSQL-7.1.2_2 on a FreeBSD 4.4-STABLE server. I am running
Apache on the same machine, and have a PHP website that connects to the
PostgreSQL server on localhost. I want the user that the website connects
as to have full permission to do anything it wants on that particular
database, so it seemed like it would be reasonable to add to my pg_hba.conf:

host mydatabase 127.0.0.1 255.255.255.255 crypt

This works, in general. However, I always get errors similar to:

Warning: PostgreSQL query failed: ERROR: sysusers_usersys_seq.nextval: you
don't have permissions to set sequence sysusers_usersys_seq

when trying to insert data into a table with a serial field. Shouldn't the
host line allow that user full permission to create, drop, and update every
element in the database?
--
Kirk Strauser
Internet Software Engineer
NMotion, Inc.

#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Kirk Strauser (#1)
Re: Grant blanket permissions on a database

Kirk Strauser <kirk@nmotioninc.com> writes:

when trying to insert data into a table with a serial field. Shouldn't the
host line allow that user full permission to create, drop, and update every
element in the database?

Nope. pg_hba.conf only tells whether you are allowed to connect to a
database, not what privileges you have once you're in it.

It would appear that you need to do a little GRANTing.

regards, tom lane

#3Stephan Szabo
Stephan Szabo
sszabo@megazone23.bigpanda.com
In reply to: Kirk Strauser (#1)
Re: Grant blanket permissions on a database

On 4 Dec 2001, Kirk Strauser wrote:

I am using PostgreSQL-7.1.2_2 on a FreeBSD 4.4-STABLE server. I am running
Apache on the same machine, and have a PHP website that connects to the
PostgreSQL server on localhost. I want the user that the website connects
as to have full permission to do anything it wants on that particular
database, so it seemed like it would be reasonable to add to my pg_hba.conf:

host mydatabase 127.0.0.1 255.255.255.255 crypt

This works, in general. However, I always get errors similar to:

Warning: PostgreSQL query failed: ERROR: sysusers_usersys_seq.nextval: you
don't have permissions to set sequence sysusers_usersys_seq

when trying to insert data into a table with a serial field. Shouldn't the
host line allow that user full permission to create, drop, and update every
element in the database?

IIRC, The pg_hba.conf gives the database level access permissions. You
still need to GRANT the appropriate permissions to the user (or make the
user an superuser - in which case you probably want to make sure the
user cannot log into other databases).

#4Kirk Strauser
Kirk Strauser
kirk@nmotioninc.com
In reply to: Stephan Szabo (#3)
Re: Grant blanket permissions on a database

At 2001-12-04T20:43:26Z, Stephan Szabo <sszabo@megazone23.bigpanda.com> writes:

IIRC, The pg_hba.conf gives the database level access permissions. You
still need to GRANT the appropriate permissions to the user (or make the
user an superuser - in which case you probably want to make sure the user
cannot log into other databases).

I guess I was used to the MySQL permissions scheme. So, I've determined
that 'grant all on * to username' doesn't work. Does that mean that I have
to iterate through each and every object in the database?
--
Kirk Strauser
Internet Software Engineer
NMotion, Inc.

← Back to Topics