select only user
This is a discussion on select only user within the pgsql Admins forums, part of the PostgreSQL category; --> I created a user and granted only "select" to this user so that this user can only select the ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-10-2008, 09:18 AM
| ||||
| ||||
 select only user I created a user and granted only "select" to this user so that this user can only select the tables on a production system. But by default, this user can also CREATE TABLE successfully.... How can I revoke this "create table" privilege (and possible others) and limit this user to only the permissions granted by me? Thanks, Jessica --------------------------------- Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.      |
|
04-10-2008, 09:18 AM
| |||
| |||
| Re: select only user Jessica Richard написа: > I created a user and granted only "select" to this user so that this user can only select the tables on a production system. But by default, this user can also CREATE TABLE successfully.... > > How can I revoke this "create table" privilege (and possible others) and limit this user to only the permissions granted by me? > Revoke the "create" privilege on the "public" schema (or any other schema you've created) from 'public' (that's special "role"). Also revoke the "create" privilege on the database(s) in question from the same special role 'public' to prevent creation of new schemas. More here - http://www.postgresql.org/docs/curre...sql-grant.html. -- Milen A. Radev ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to majordomo@postgresql.org so that your message can get through to the mailing list cleanly |
|
04-10-2008, 09:18 AM
| |||
| |||
| Re: select only user Milen A. Radev написа: > Jessica Richard написа: >> I created a user and granted only "select" to this user so that this >> user can only select the tables on a production system. But by >> default, this user can also CREATE TABLE successfully.... >> >> How can I revoke this "create table" privilege (and possible others) >> and limit this user to only the permissions granted by me? >> > > Revoke the "create" privilege on the "public" schema (or any other > schema you've created) from 'public' (that's special "role"). Also > revoke the "create" privilege on the database(s) in question from the > same special role 'public' to prevent creation of new schemas. > > More here - http://www.postgresql.org/docs/curre...sql-grant.html. Almost forgot - there is another way if the role in question would be read-only: ALTER USER username SET default_transaction_read_only to true; (http://archives.postgresql.org/pgsql...0/msg00101.php) -- Milen A. Radev ---------------------------(end of broadcast)--------------------------- TIP 7: You can help support the PostgreSQL project by donating at http://www.postgresql.org/about/donate |
|
04-10-2008, 09:18 AM
| |||
| |||
| Re: select only user Thanks!!! "ALTER USER username SET default_transaction_read_only to true" worked. One more question: where do I see the current setting of "default_transacton_read_only (true for false) for each user on the system? Is there a table that keeps this kind of info for all users? Thanks again, Jessica "Milen A. Radev" <milen@radev.net> wrote: Milen A. Radev написа: > Jessica Richard написа: >> I created a user and granted only "select" to this user so that this >> user can only select the tables on a production system. But by >> default, this user can also CREATE TABLE successfully.... >> >> How can I revoke this "create table" privilege (and possible others) >> and limit this user to only the permissions granted by me? >> > > Revoke the "create" privilege on the "public" schema (or any other > schema you've created) from 'public' (that's special "role"). Also > revoke the "create" privilege on the database(s) in question from the > same special role 'public' to prevent creation of new schemas. > > More here - http://www.postgresql.org/docs/curre...sql-grant.html. Almost forgot - there is another way if the role in question would be read-only: ALTER USER username SET default_transaction_read_only to true; (http://archives.postgresql.org/pgsql...0/msg00101.php) -- Milen A. Radev ---------------------------(end of broadcast)--------------------------- TIP 7: You can help support the PostgreSQL project by donating at http://www.postgresql.org/about/donate --------------------------------- Looking for last minute shopping deals? Find them fast with Yahoo! Search. |
|
04-10-2008, 09:18 AM
| ||||
| ||||
| Re: select only user Jessica Richard написа: > Thanks!!! > "ALTER USER username SET default_transaction_read_only to true" worked. > > One more question: > > where do I see the current setting of "default_transacton_read_only (true for false) for each user on the system? Is there a table that keeps this kind of info for all users? [...] SELECT * FROM pg_roles where rolname = '<username>'; -[ RECORD 1 ]-+------------------------------------- rolname | <username> rolsuper | f rolinherit | t rolcreaterole | f rolcreatedb | f rolcatupdate | f rolcanlogin | t rolconnlimit | -1 rolpassword | ******** rolvaliduntil | rolconfig | {default_transaction_read_only=true} oid | 53531114 (http://www.postgresql.org/docs/curre...ase-roles.html) -- Milen A. Radev ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org |
Linear Mode
