Re: the "users" group and restricting privileges
| От | Jim C. Nasby |
|---|---|
| Тема | Re: the "users" group and restricting privileges |
| Дата | |
| Msg-id | 20051130001304.GV78939@pervasive.com обсуждение исходный текст |
| Ответ на | the "users" group and restricting privileges (Dan Tenenbaum <dandante@gmail.com>) |
| Список | pgsql-admin |
On Tue, Nov 29, 2005 at 03:30:33PM -0800, Dan Tenenbaum wrote: > I want to create a postgresql user with restricted permissions--all it > should be able to do is select on a few views that I specify. > > So I did the following, as the database owner: > create user viewer password 'xxxx'; > grant select on myview to viewer; > > Then, when I start psql as the viewer user, specifying the same database > with the -d switch, I try this: > select * from myview; > and get this: > ERROR: permission denied for schema myschema > What do I need to do to get the correct permissions? GRANT USAGE ON SCHEMA myschema TO viewer; > Also, there is a group called "users" and the database owner is in that > group. But I have not granted any explicit privileges to that group. And the > database is owned by a particular user, not a group. However, I notice that > when I added the "viewer" user to the "users" group, that the user seemed to > be able to do everything that the database owner could do. That is not what > I want. But the above (not being able to select a view that I thought I had > select permission for) is not what I want either. > > The above paragraph would seem to suggest that a group called "users" has > some special properties. I could not find any documentation for that in the > postgres docs (I am using version 7.4). Perhaps I couldn't find it because > almost every page in the docs seems to have the word "users" in it, so it is > hard to disambiguate my search. > If someone could point me towards documentation of the special properties of > the "users" group that would be helpful...but the thing I most want help > with is creating a user with restricted views as described above. There is no default users group, only PUBLIC (which isn't really a group in the system afaict). If you install newsysviews (http://pgfoundry.org/projects/newsysviews/) you can query pg_user_grants to help diagnose where the permissions are comming from. Or you could use a big, hairy query to do it... -- Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com Pervasive Software http://pervasive.com work: 512-231-6117 vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461
В списке pgsql-admin по дате отправления: