Lists: | pgsql-general |
---|
From: | Alexander Priem <ap(at)cict(dot)nl> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Grant / Revoke functionality |
Date: | 2004-02-18 08:08:32 |
Message-ID: | 20040218080832.AA608D1DD26@svr1.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-general |
<P>Hi guys,</P>
<P>I have a fairly big PostgreSQL 7.4.0 database running here and I am currently busy managing the rights of the different database users. I have a lot of tables, vieuws, sequences etc.</P>
<P>If I use Grant / Revoke to manage user rights, I have to name all of the different tables/views to grant or revoke a right. For instance, I cannot say something like 'Revoke Select on all tables' followed by 'Grant Select on all views' so users can only access data through views. There is only something like 'Grant Select on database xxx'...</P>
<P>Is there a way in which I can give rights to a user for a set of tables/views/sequences WITHOUT having to name all of the table/view/sequence names?</P>
<P>Thanks in advance.</P>
<P>Alexander Priem</P>
Attachment | Content-Type | Size |
---|---|---|
unknown_filename | text/html | 763 bytes |
From: | Shridhar Daithankar <shridhar(at)frodo(dot)hserus(dot)net> |
---|---|
To: | Alexander Priem <ap(at)cict(dot)nl> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Grant / Revoke functionality |
Date: | 2004-02-18 08:45:49 |
Message-ID: | 200402181415.36565.shridhar@frodo.hserus.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-general |
On Wednesday 18 February 2004 13:38, Alexander Priem wrote:
> Is there a way in which I can give rights to a user for a set of
> tables/views/sequences WITHOUT having to name all of the
> table/view/sequence names?
You can use schemas. Just put everything under schema and grant user rights to
the schema...
HTH
Shridhar
From: | Richard Huxton <dev(at)archonet(dot)com> |
---|---|
To: | shridhar(at)frodo(dot)hserus(dot)net, Alexander Priem <ap(at)cict(dot)nl> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Grant / Revoke functionality |
Date: | 2004-02-18 09:54:48 |
Message-ID: | 200402180954.48019.dev@archonet.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-general |
On Wednesday 18 February 2004 08:45, Shridhar Daithankar wrote:
> On Wednesday 18 February 2004 13:38, Alexander Priem wrote:
> > Is there a way in which I can give rights to a user for a set of
> > tables/views/sequences WITHOUT having to name all of the
> > table/view/sequence names?
>
> You can use schemas. Just put everything under schema and grant user rights
> to the schema...
Also - have a look on techdocs.postgresql.org - before we had schemas someone
had written a plpgsql function to do wildcard matching of table names, also a
shell-script/perl iirc.
--
Richard Huxton
Archonet Ltd
From: | Kris Jurka <books(at)ejurka(dot)com> |
---|---|
To: | Shridhar Daithankar <shridhar(at)frodo(dot)hserus(dot)net> |
Cc: | Alexander Priem <ap(at)cict(dot)nl>, <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Grant / Revoke functionality |
Date: | 2004-02-19 05:35:33 |
Message-ID: | Pine.LNX.4.33.0402190033160.3059-100000@leary.csoft.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-general |
On Wed, 18 Feb 2004, Shridhar Daithankar wrote:
> On Wednesday 18 February 2004 13:38, Alexander Priem wrote:
> > Is there a way in which I can give rights to a user for a set of
> > tables/views/sequences WITHOUT having to name all of the
> > table/view/sequence names?
>
> You can use schemas. Just put everything under schema and grant user
> rights to the schema...
>
This is not accurate. The only schema level permissions are CREATE and
USAGE they are independent of the permissions on the objects contained
within. He would still need to grant access to the underlying objects.
Kris Jurka
From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Kris Jurka <books(at)ejurka(dot)com> |
Cc: | Shridhar Daithankar <shridhar(at)frodo(dot)hserus(dot)net>, Alexander Priem <ap(at)cict(dot)nl>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Grant / Revoke functionality |
Date: | 2004-02-19 06:34:46 |
Message-ID: | 29423.1077172486@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-general |
Kris Jurka <books(at)ejurka(dot)com> writes:
> On Wed, 18 Feb 2004, Shridhar Daithankar wrote:
>> You can use schemas. Just put everything under schema and grant user
>> rights to the schema...
> This is not accurate. The only schema level permissions are CREATE and
> USAGE they are independent of the permissions on the objects contained
> within. He would still need to grant access to the underlying objects.
Right, but he could grant the required rights to PUBLIC and rely on
schema-level USAGE to control whether particular users can actually
get at particular objects. It'd be a pretty coarse-grained structure,
but it might be good enough.
Personally I'd suggest looking at using groups ...
regards, tom lane
From: | "Chris Ochs" <chris(at)paymentonline(dot)com> |
---|---|
To: | <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Grant / Revoke functionality |
Date: | 2004-06-04 05:50:06 |
Message-ID: | 022701c449f7$ca4f4940$239b2904@chris2 |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-general |
> On Wed, 18 Feb 2004, Shridhar Daithankar wrote:
>
> > On Wednesday 18 February 2004 13:38, Alexander Priem wrote:
> > > Is there a way in which I can give rights to a user for a set of
> > > tables/views/sequences WITHOUT having to name all of the
> > > table/view/sequence names?
> >
> > You can use schemas. Just put everything under schema and grant user
> > rights to the schema...
> >
>
> This is not accurate. The only schema level permissions are CREATE and
> USAGE they are independent of the permissions on the objects contained
> within. He would still need to grant access to the underlying objects.
>
> Kris Jurka
>
If you need to do this for a lot of users use group permissions, it's a lot
easier to manage.
Chris