Re: Question about permissions on database.

On Sat, Sep 22, 2012 at 11:35:00PM +0300, Condor wrote:
> Hello,
> I wanna ask: is there a short way to giver permission to one user to
> select/insert (all privileges) on whole database ?
> Im create a user and try to give him all permission on existing
> database, but when I try to select always got:
> ERROR:  permission denied for relation table_name
>
> I simple do:
> GRANT ALL PRIVILEGES ON DATABASE my_db TO my_user;
> and when I do that my idea and what Im trying to do is to give all
> privileges on for select, insert, update ... using sequences, exec
> functions
> to one user, but when I try to select, I receive error message:
> ERROR:  permission denied for relation table_name
>
> I look at documentation and remained less scarred about how many
> grants I should do for tables, for sequences, execution.
> Im using postgresql 9.2
You don't want to GRANT on the database. That doesn't do what you think
it does. You, however, can do:

GRANT ALL ON ALL TABLES IN SCHEMA public TO your_user;

This is documented clearly here:
http://www.postgresql.org/docs/9.2/static/sql-grant.html

This is generally a bad idea.

You can alternatively make the user a super user:

ALTER ROLE your_user WITH SUPERUSER;

But this is an even worse idea.

If one role owns all the tables in that database, you can make your role
a member of that role:

GRANT owner_role TO your_role;

But are you really sure that your user needs permissions on everything?

-Ryan Kelly