Re: indirect membership in group roles
| От | Tom Lane |
|---|---|
| Тема | Re: indirect membership in group roles |
| Дата | |
| Msg-id | 14421.1238712487@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | indirect membership in group roles (Kev <kevinjamesfield@gmail.com>) |
| Список | pgsql-general |
Kev <kevinjamesfield@gmail.com> writes:
> For some reason, which I couldn't see spelled out very well in the
> docs for GRANT ROLE and SET ROLE, indirect membership in the group
> "user" doesn't give one its privileges unless you SET ROLE "user"
> first, even if all roles involved have INHERIT set.
Really? Works for me:
regression=# create group student inherit;
CREATE ROLE
regression=# create group employee inherit;
CREATE ROLE
regression=# create group "user";
CREATE ROLE
regression=# grant "user" to student;
GRANT ROLE
regression=# grant "user" to employee;
GRANT ROLE
regression=# create user joe inherit;
CREATE ROLE
regression=# grant student to joe;
GRANT ROLE
regression=# create table mytable (f1 int);
CREATE TABLE
regression=# grant select on mytable to "user";
GRANT
regression=# \c - joe
psql (8.4devel)
You are now connected to database "regression" as user "joe".
regression=> select * from mytable;
f1
----
(0 rows)
I suspect you forgot to attach the "inherit" property to the
intermediate-level group.
regards, tom lane
В списке pgsql-general по дате отправления: