RE: [SQL] User and Groups

For each group in pg_group you need to do the following:

UPDATE pg_group set grolist = '{501,514,502,503,504}' where grosysid = 1;

Where 501 - 504 is a list of pg_user.usesysid that should belong to the
group.

This really needs to be added to the documentation and "create user" needs
to be fixed to automatically do this.

-----Original Message-----
From: Greg Frith [SMTP:greg(at)malthouse(dot)demon(dot)co(dot)uk]
Sent: Wednesday, May 05, 1999 8:35 AM
To: pgsql-sql(at)postgreSQL(dot)org
Subject: [SQL] User and Groups

Hi, I'm having some problems trying to get my head around how users
and groups
work.

I have 2 groups of users: client & consultants. I create these
groups as
follows:-

/* Group : create group consultants */
INSERT INTO pg_group VALUES ('consultants', '100');
INSERT INTO pg_group VALUES ('clients', '200');

I then create some tables and set the permissions on these tables as
follows:-

REVOKE ALL ON clients, clientaddr, consultants, consultantaddr,
systemconstants, clients_consultants, tasks, client_extras,
timesheet, schedule, invoice, invoice_items,
pg_user, pg_shadow
FROM GROUP clients;

GRANT ALL ON clients, clientaddr, consultants, consultantaddr,
systemconstants, clients_consultants, tasks, client_extras,
timesheet, schedule, invoice, invoice_items
TO GROUP consultants;

Now I create a user:-

testdb=> CREATE USER paul IN GROUP consultants;
CREATE USER

I login as this user and try a select on a table that should have
permissions
set:-

testdb=> select * from consultants;
NOTICE: in_group: group 100 not found
ERROR: consultants: Permission denied.

I can't understand this - should I insert the user id of each
consultant user
into grolist of pg_group where groname = consultants?

TOA

--

---------------------------
Greg Frith - University Of Leeds : School of Computer Studies

Hi Michael, thanks for your help. Just after I posted the message I used this
manual insert method as a quick fix, its obviously the right way!! So what is
the point of the IN GROUP directive or ADD USER? Does this actually do
anything?

Michael J Davis wrote:

> For each group in pg_group you need to do the following:
>
> UPDATE pg_group set grolist = '{501,514,502,503,504}' where grosysid = 1;
>
> Where 501 - 504 is a list of pg_user.usesysid that should belong to the
> group.
>
> This really needs to be added to the documentation and "create user" needs
> to be fixed to automatically do this.
>
> -----Original Message-----
> From: Greg Frith [SMTP:greg(at)malthouse(dot)demon(dot)co(dot)uk]
> Sent: Wednesday, May 05, 1999 8:35 AM
> To: pgsql-sql(at)postgreSQL(dot)org
> Subject: [SQL] User and Groups
>
> Hi, I'm having some problems trying to get my head around how users
> and groups
> work.
>
> I have 2 groups of users: client & consultants. I create these
> groups as
> follows:-
>
> /* Group : create group consultants */
> INSERT INTO pg_group VALUES ('consultants', '100');
> INSERT INTO pg_group VALUES ('clients', '200');
>
> I then create some tables and set the permissions on these tables as
> follows:-
>
> REVOKE ALL ON clients, clientaddr, consultants, consultantaddr,
> systemconstants, clients_consultants, tasks, client_extras,
> timesheet, schedule, invoice, invoice_items,
> pg_user, pg_shadow
> FROM GROUP clients;
>
> GRANT ALL ON clients, clientaddr, consultants, consultantaddr,
> systemconstants, clients_consultants, tasks, client_extras,
> timesheet, schedule, invoice, invoice_items
> TO GROUP consultants;
>
> Now I create a user:-
>
> testdb=> CREATE USER paul IN GROUP consultants;
> CREATE USER
>
> I login as this user and try a select on a table that should have
> permissions
> set:-
>
> testdb=> select * from consultants;
> NOTICE: in_group: group 100 not found
> ERROR: consultants: Permission denied.
>
> I can't understand this - should I insert the user id of each
> consultant user
> into grolist of pg_group where groname = consultants?
>
> TOA
>
> --
>
> ---------------------------
> Greg Frith - University Of Leeds : School of Computer Studies
>