Re: grant connect on database
| От | Adrian Klaver |
|---|---|
| Тема | Re: grant connect on database |
| Дата | |
| Msg-id | 5671D7E2.90501@aklaver.com обсуждение исходный текст |
| Ответ на | Re: grant connect on database (Jerry Sievers <gsievers19@comcast.net>) |
| Список | pgsql-general |
On 12/16/2015 11:58 AM, Jerry Sievers wrote: > spur230 <sabinpradhan@gmail.com> writes: > >> I am using Postgres 9.4. I created a login role and gave select to all >> tables to a schema as follows: >> >> >> create role fix; >> create role dcv login password 'mypassword' in role fix; >> grant select on all tables on schema xzy to dcv'; >> >> I was able to connect to the database without giving 'grant connect on >> database db1 to dcv' >> >> My question is when do I have to explicitly give connect grant? How did >> user dcv connect to database without the connect privilege? > > NEver, unless you were to revoke it from public.. > > Connect is granted to public by default. For what is GRANTed by default see: http://www.postgresql.org/docs/9.4/interactive/sql-grant.html Highlights: "The key word PUBLIC indicates that the privileges are to be granted to all roles, including those that might be created later. PUBLIC can be thought of as an implicitly defined group that always includes all roles. Any particular role will have the sum of privileges granted directly to it, privileges granted to any role it is presently a member of, and privileges granted to PUBLIC." .... "PostgreSQL grants default privileges on some types of objects to PUBLIC. No privileges are granted to PUBLIC by default on tables, columns, schemas or tablespaces. For other types, the default privileges granted to PUBLIC are as follows: CONNECT and CREATE TEMP TABLE for databases; EXECUTE privilege for functions; and USAGE privilege for languages. The object owner can, of course, REVOKE both default and expressly granted privileges. (For maximum security, issue the REVOKE in the same transaction that creates the object; then there is no window in which another user can use the object.) Also, these initial default privilege settings can be changed using the ALTER DEFAULT PRIVILEGES command." > > > >> Thanks >> >> >> >> -- >> View this message in context: http://postgresql.nabble.com/grant-connect-on-database-tp5877872.html >> Sent from the PostgreSQL - general mailing list archive at Nabble.com. > -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: