public inbox for [email protected]  
GRANT USAGE ON SCHEMA
4+ messages / 3 participants

* GRANT USAGE ON SCHEMA
@ 2025-06-14 22:08  Edwin UY <[email protected]>
  0 siblings, 2 replies; 4+ messages in thread

From: Edwin UY @ 2025-06-14 22:08 UTC
  To: Pgsql-admin <[email protected]>

Hi,

Just playing around here and 'confused' about what GRANT USAGE ON
SCHEMA is supposed to be for?
I thought it was supposed to allow 'full' access of one schema to the other.

I have created 2 schemas, a and b, and I did

grant usage on schema a to b;
grant usage on schema b to a;

I tried to select tables from one to the other and it gives permission
denied until I do the grants below.

grant all on all tables in schema a to b ;
grant all on all tables in schema b to a ;

Is this expected behavior? Or does GRANT USAGE only allow
switching between schemas?

Regards,
Edd



* Re: GRANT USAGE ON SCHEMA
@ 2025-06-14 22:29  Tom Lane <[email protected]>
  parent: Edwin UY <[email protected]>
  1 sibling, 0 replies; 4+ messages in thread

From: Tom Lane @ 2025-06-14 22:29 UTC
  To: Edwin UY <[email protected]>; +Cc: Pgsql-admin <[email protected]>

Edwin UY <[email protected]> writes:
> Just playing around here and 'confused' about what GRANT USAGE ON
> SCHEMA is supposed to be for?
> I thought it was supposed to allow 'full' access of one schema to the other.

No.  Schema USAGE is more or less like directory read permissions in
a file system: it lets you get to the contained objects.  You also
need appropriate permissions on the contained objects in order to
do anything with them.

			regards, tom lane






* Re: GRANT USAGE ON SCHEMA
@ 2025-06-14 23:19  David G. Johnston <[email protected]>
  parent: Edwin UY <[email protected]>
  1 sibling, 1 reply; 4+ messages in thread

From: David G. Johnston @ 2025-06-14 23:19 UTC
  To: Edwin UY <[email protected]>; +Cc: Pgsql-admin <[email protected]>

On Sat, Jun 14, 2025 at 3:09 PM Edwin UY <[email protected]> wrote:

> I thought it was supposed to allow 'full' access of one schema to the other.
>

Where did you get the idea that objects (aside from roles) ever get
privileges on other objects?  Or did you also create roles "a" and "b" and
are just using the wrong terminology here?

There is also no such thing as permissions on one type of object somehow
affecting your privileges on other object types.  Your privileges on
schemas will not influence (directly) your permissions on tables.  Neither
to grant additional privileges nor to block them - say if you don't have
usage on schema but do have select on a contained table.  Corner-cases that
do behave this way notwithstanding - it isn't reliable.

David J.
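
The two replies above, as an added example that is not part of either message: a psql script, run as a superuser in a scratch PostgreSQL database, that gives a role schema USAGE only, then table SELECT only, then both. The names role_a, role_b, schema_a and t are assumptions chosen for the illustration.

```sql
-- Added example; role_a, role_b, schema_a and t are assumed names.
-- Run with psql in a scratch database, without ON_ERROR_STOP, so the
-- script continues past the two rejected SELECTs.
CREATE ROLE role_a NOLOGIN;
CREATE ROLE role_b NOLOGIN;
CREATE SCHEMA schema_a AUTHORIZATION role_a;
CREATE TABLE schema_a.t (id int);
INSERT INTO schema_a.t VALUES (1), (2);

-- Case 1: USAGE on the schema, nothing on the table.
GRANT USAGE ON SCHEMA schema_a TO role_b;
SELECT has_schema_privilege('role_b', 'schema_a', 'USAGE')    AS schema_usage,
       has_table_privilege('role_b', 'schema_a.t', 'SELECT')  AS table_select;
SET ROLE role_b;
SELECT count(*) FROM schema_a.t;  -- rejected: USAGE does not confer SELECT
RESET ROLE;

-- Case 2: SELECT on the table, no USAGE on the schema.
REVOKE USAGE ON SCHEMA schema_a FROM role_b;
GRANT SELECT ON schema_a.t TO role_b;
SELECT has_schema_privilege('role_b', 'schema_a', 'USAGE')    AS schema_usage,
       has_table_privilege('role_b', 'schema_a.t', 'SELECT')  AS table_select;
SET ROLE role_b;
SELECT count(*) FROM schema_a.t;  -- rejected: the schema cannot be traversed
RESET ROLE;

-- Case 3: both privileges. SELECT is granted rather than ALL, so role_b
-- can read the table but not modify, truncate or reference it.
GRANT USAGE ON SCHEMA schema_a TO role_b;
SET ROLE role_b;
SELECT count(*) FROM schema_a.t;  -- allowed
INSERT INTO schema_a.t VALUES (3); -- rejected: no INSERT privilege
RESET ROLE;

-- Audit what role_b actually holds on tables in the schema.
SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'role_b' AND table_schema = 'schema_a';

-- Cleanup.
DROP SCHEMA schema_a CASCADE;
DROP ROLE role_a, role_b;
```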



* Re: GRANT USAGE ON SCHEMA
@ 2025-06-15 10:06  Edwin UY <[email protected]>
  parent: David G. Johnston <[email protected]>
  0 siblings, 0 replies; 4+ messages in thread

From: Edwin UY @ 2025-06-15 10:06 UTC
  To: David G. Johnston <[email protected]>; +Cc: Pgsql-admin <[email protected]>

Hi David J,

Yeah, sorry, I should have used different names, but yeah, I have also
created the a and b roles named the same as the schema.
Should have used schema_a, schema_b, role_a, role_b.



On Sun, Jun 15, 2025 at 11:19 AM David G. Johnston <
[email protected]> wrote:

> On Sat, Jun 14, 2025 at 3:09 PM Edwin UY <[email protected]> wrote:
>
>> I thought it was supposed to allow 'full' access of one schema to the other.
>>
>
> Where did you get the idea that objects (aside from roles) ever get
> privileges on other objects?  Or did you also create roles "a" and "b" and
> are just using the wrong terminology here?
>
> There is also no such thing as permissions on one type of object somehow
> affecting your privileges on other object types.  Your privileges on
> schemas will not influence (directly) your permissions on tables.  Neither
> to grant additional privileges nor to block them - say if you don't have
> usage on schema but do have select on a contained table.  Corner-cases that
> do behave this way notwithstanding - it isn't reliable.
>
> David J.
>
>

