Grant question

Mensaje citado por Barbara Lindsey <blindsey@cog.ufl.edu>:

What kind of grant do you need to give a user so that they can have
permission to do a "SELECT nextval(ID)" on a sequence?
I granted the user SELECT,UPDATE,INSERT,DELETE on all the tables,
including the one that has the sequence, but the sequence query is
failing on permissions.

You have to give him grant permissons on the sequence, not only the table, as when
you do a nextval(�sequece_name�) you are updating the value of the sequence.

P.D.: Could there be some extra docs about this in the GRANT command manual:

http://www.postgresql.org/docs/current/interactive/sql-grant.html

It speeks about granting all kind of relations, but not sequences. Just a tip.

--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-------------------------------------------------------
Mart�n Marqu�s | Programador, DBA
Centro de Telem�tica | Administrador
Universidad Nacional
del Litoral
-------------------------------------------------------

Yay! It works.
Thank you.

Bruno Wolff III wrote:

On Thu, Jan 29, 2004 at 09:52:56 -0500,
Barbara Lindsey <blindsey@cog.ufl.edu> wrote:

What kind of grant do you need to give a user so that they can have
permission to do a "SELECT nextval(ID)" on a sequence?
I granted the user SELECT,UPDATE,INSERT,DELETE on all the tables,
including the one that has the sequence, but the sequence query is
failing on permissions.

Sequences have permissions separate from tables. I believe you need
update access to call nextval or setval on a sequence. This should
be described in the documention on the GRANT command.

--
Barbara E. Lindsey,
COG RDC
Phone: (352) 392-5198 ext. 314 Fax: (352) 392-8162

----
CONFIDENTIALITY NOTICE: The information contained in this electronic
message is legally privileged and confidential and intended only for the
use of the individual(s) or entity(ies) named above. If the reader of
this message is not the intended recipient, you are hereby notified that
any dissemination, distribution, or copying of this email or any of it's
components is strictly prohibited. If you have received this email in
error, please contact the sender.
----

On Thu, Jan 29, 2004 at 09:52:56 -0500,
Barbara Lindsey <blindsey@cog.ufl.edu> wrote:

What kind of grant do you need to give a user so that they can have
permission to do a "SELECT nextval(ID)" on a sequence?
I granted the user SELECT,UPDATE,INSERT,DELETE on all the tables,
including the one that has the sequence, but the sequence query is
failing on permissions.

Sequences have permissions separate from tables. I believe you need
update access to call nextval or setval on a sequence. This should
be described in the documention on the GRANT command.

I think you should provide an explicit grant (all) on the sequence as
well. The Sequence is an object that is distinct from the table that uses
it.

John Sidney-Woollett

Barbara Lindsey said:

On Thu, Jan 29, 2004 at 09:52:56 -0500,
Barbara Lindsey <blindsey@cog.ufl.edu> wrote:

What kind of grant do you need to give a user so that they can have
permission to do a "SELECT nextval(ID)" on a sequence?
I granted the user SELECT,UPDATE,INSERT,DELETE on all the tables,
including the one that has the sequence, but the sequence query is
failing on permissions.

Sequences have permissions separate from tables. I believe you need
update access to call nextval or setval on a sequence. This should be
described in the documention on the GRANT command.

CREATE SEQUENCE paid.person_person_pk_seq
INCREMENT 1
MINVALUE 1
MAXVALUE 9223372036854775807
START 232
CACHE 1;
REVOKE ALL ON TABLE paid.person_person_pk_seq FROM public;
GRANT ALL ON TABLE paid.person_person_pk_seq TO blindsey;
GRANT SELECT, UPDATE ON TABLE paid.person_person_pk_seq TO GROUP app_user;

~Berend Tober

What permission does a user need to have to query the pg_ tables
(pg_attribute, pg_class, etc) ? Do they require special permissions?

arbara Lindsey wrote:

What kind of grant do you need to give a user so that they can have
permission to do a "SELECT nextval(ID)" on a sequence?
I granted the user SELECT,UPDATE,INSERT,DELETE on all the tables,
including the one that has the sequence, but the sequence query is
failing on permissions.

--
Barbara E. Lindsey,
COG RDC
Phone: (352) 392-5198 ext. 314 Fax: (352) 392-8162

----
CONFIDENTIALITY NOTICE: The information contained in this electronic
message is legally privileged and confidential and intended only for the
use of the individual(s) or entity(ies) named above. If the reader of
this message is not the intended recipient, you are hereby notified that
any dissemination, distribution, or copying of this email or any of it's
components is strictly prohibited. If you have received this email in
error, please contact the sender.
----

El Jue 29 Ene 2004 16:26, Barbara Lindsey escribió:

What permission does a user need to have to query the pg_ tables
(pg_attribute, pg_class, etc) ? Do they require special permissions?

What kind of queries? Read or Write?

Users have permission to read from most catalog tables. One they can't read
for security resons is pg_shadow:

prueba=> select * from pg_shadow;
ERROR: pg_shadow: permission denied

Saludos... :-)

--
16:44:01 up 64 days, 23:00, 3 users, load average: 0.46, 0.38, 0.30
-----------------------------------------------------------------
Martín Marqués | select 'mmarques' || '@' || 'unl.edu.ar'
Centro de Telematica | DBA, Programador, Administrador
Universidad Nacional
del Litoral
-----------------------------------------------------------------