| Lists: | pgsql-hackers |
|---|
| From: | Edgar Mares <edgarmaf(at)ife(dot)org(dot)mx> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | grants |
| Date: | 2004-03-02 17:14:42 |
| Message-ID: | 4044C102.7020601@ife.org.mx |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
hi there i'm having troubles to find how to
GRANT SELECT ON all-tables-onmydb TO specificuser
this is just to give the access to "specificuser" to query the
database and find troubles on it
thnx for your time
| From: | Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> |
|---|---|
| To: | Edgar Mares <edgarmaf(at)ife(dot)org(dot)mx> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: grants |
| Date: | 2004-03-10 02:16:18 |
| Message-ID: | 404E7A72.9070506@familyhealth.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
> hi there i'm having troubles to find how to
> GRANT SELECT ON all-tables-onmydb TO specificuser
There isn't any such command. You need to write a stored procedure to
do it for you in a loop.
Chris
| From: | Andreas Pflug <pgadmin(at)pse-consulting(dot)de> |
|---|---|
| To: | Edgar Mares <edgarmaf(at)ife(dot)org(dot)mx> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: grants |
| Date: | 2004-03-10 11:53:41 |
| Message-ID: | 404F01C5.900@pse-consulting.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Edgar Mares wrote:
> hi there i'm having troubles to find how to
> GRANT SELECT ON all-tables-onmydb TO specificuser
>
> this is just to give the access to "specificuser" to query the
> database and find troubles on it
pgAdmin II has a tool for that (Security wizard; pgAdmin III has it on
the todo-list)
Regards,
Andreas
| From: | Kris Jurka <books(at)ejurka(dot)com> |
|---|---|
| To: | Andreas Pflug <pgadmin(at)pse-consulting(dot)de> |
| Cc: | Edgar Mares <edgarmaf(at)ife(dot)org(dot)mx>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: grants |
| Date: | 2004-03-10 16:15:56 |
| Message-ID: | Pine.BSO.4.56.0403101112010.1611@leary.csoft.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
On Wed, 10 Mar 2004, Andreas Pflug wrote:
> Edgar Mares wrote:
>
> > hi there i'm having troubles to find how to
> > GRANT SELECT ON all-tables-onmydb TO specificuser
> >
> > this is just to give the access to "specificuser" to query the
> > database and find troubles on it
>
> pgAdmin II has a tool for that (Security wizard; pgAdmin III has it on
> the todo-list)
>
The problem that cannot be solved with either this or a function that
loops and grants on each table is that it is not a permanent grant of what
the admin had in mind. If a new table is added or an existing table is
dropped and recreated, the grants must be done again. The real use of a
SELECT ANY TABLE permission is ignorance of schema updates.
Kris Jurka
| From: | Andreas Pflug <pgadmin(at)pse-consulting(dot)de> |
|---|---|
| To: | Kris Jurka <books(at)ejurka(dot)com> |
| Cc: | Edgar Mares <edgarmaf(at)ife(dot)org(dot)mx>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: grants |
| Date: | 2004-03-10 16:43:15 |
| Message-ID: | 404F45A3.5050802@pse-consulting.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Kris Jurka wrote:
>On Wed, 10 Mar 2004, Andreas Pflug wrote:
>
>
>
>>Edgar Mares wrote:
>>
>>
>>
>>>hi there i'm having troubles to find how to
>>>GRANT SELECT ON all-tables-onmydb TO specificuser
>>>
>>>this is just to give the access to "specificuser" to query the
>>>database and find troubles on it
>>>
>>>
>>pgAdmin II has a tool for that (Security wizard; pgAdmin III has it on
>>the todo-list)
>>
>>
>>
>
>The problem that cannot be solved with either this or a function that
>loops and grants on each table is that it is not a permanent grant of what
>the admin had in mind. If a new table is added or an existing table is
>dropped and recreated, the grants must be done again. The real use of a
>SELECT ANY TABLE permission is ignorance of schema updates.
>
>
Hm, does this exist in other DBMS?
As soon as roles are implemented, there might be a default role
('public') for this. Until then, using groups solves most of the
problems (well, you certainly still need to GRANT rights to your
preferred group).
Regards,
Andreas
| From: | Kris Jurka <books(at)ejurka(dot)com> |
|---|---|
| To: | Andreas Pflug <pgadmin(at)pse-consulting(dot)de> |
| Cc: | Edgar Mares <edgarmaf(at)ife(dot)org(dot)mx>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: grants |
| Date: | 2004-03-11 06:13:28 |
| Message-ID: | Pine.BSO.4.56.0403110108440.101@leary.csoft.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
On Wed, 10 Mar 2004, Andreas Pflug wrote:
> Kris Jurka wrote:
>
> >On Wed, 10 Mar 2004, Andreas Pflug wrote:
> >
> >The problem that cannot be solved with either this or a function that
> >loops and grants on each table is that it is not a permanent grant of what
> >the admin had in mind. If a new table is added or an existing table is
> >dropped and recreated, the grants must be done again. The real use of a
> >SELECT ANY TABLE permission is ignorance of schema updates.
> >
> >
> Hm, does this exist in other DBMS?
> As soon as roles are implemented, there might be a default role
> ('public') for this. Until then, using groups solves most of the
> problems (well, you certainly still need to GRANT rights to your
> preferred group).
>
Groups help, but only if you want to GRANT to more than one user, and you
still need to do it on after schema changes. I know this is implemented
in at least Oracle, SELECT ANY TABLE is in fact the permission
name used.
Kris Jurka