MIME-Version: 1.0
References: 
 <2023185982.281851219.1646733038464.JavaMail.root@zimbra15-e2.priv.proxad.net>
 <1712096587.208766558.1706090901073.JavaMail.zimbra@free.fr>
 <bd4c8b8e88548d6e08220196a02c17d4fa5d2124.camel@cybertec.at>
 <EC6A3402-8271-4EA7-B6BA-1CEFEA96C749@yesql.se>
 <1327973565.212682013.1706107220766.JavaMail.zimbra@free.fr>
 <ae2b506af55afec6f3841d69c1f01aea976df619.camel@cybertec.at>
 <176777248.214045315.1706113384094.JavaMail.zimbra@free.fr>
In-Reply-To: <176777248.214045315.1706113384094.JavaMail.zimbra@free.fr>
From: "David G. Johnston" <david.g.johnston@gmail.com>
Date: Wed, 24 Jan 2024 09:50:17 -0700
Message-ID: 
 <CAKFQuwbjczTu0H2Jcxkt=SnCx73Crgos0vDpd12KEBxM-Rrh3w@mail.gmail.com>
Subject: Re: SQL command : ALTER DATABASE OWNER TO
To: gparc@free.fr
Cc: Laurenz Albe <laurenz.albe@cybertec.at>,
 Daniel Gustafsson <daniel@yesql.se>,
	pgsql-docs <pgsql-docs@lists.postgresql.org>
Content-Type: multipart/alternative; boundary="000000000000b69bda060fb3ddc2"
Archived-At: 
 <https://www.postgresql.org/message-id/CAKFQuwbjczTu0H2Jcxkt%3DSnCx73Crgos0vDpd12KEBxM-Rrh3w%40mail.gmail.com>
Precedence: bulk

--000000000000b69bda060fb3ddc2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, Jan 24, 2024 at 9:23=E2=80=AFAM <gparc@free.fr> wrote:-

> [postgres] $ psql
> psql (14.10)
>
>
You really should add commentary, especially since you never demonstrated
the tst role (I advise picking different names for all of the objects in
the future) being unable to login.  Which they should be able to since
public is shown to have "c" connect privileges (=3DTc/tst)


> [postgres@PGDEV14] postgres=3D# create user tst password 'tst';
> CREATE ROLE
> [postgres@PGDEV14] postgres=3D# create database tst owner =3D tst;
> CREATE DATABASE
>

This next command is pointless, it is a no-op, as soon as you made them
owner of the tst database they already had all privileges to it, granted by
the same user that created the database.  And only it, that command is not
recursing through the database into schemas and tables and adding more
permissions.  That isn't how this all works, a database is an object.
While it is also a concept that encompasses the entire schema within it the
permissions system only cares about the first definition.

[postgres@PGDEV14] postgres=3D# grant all on database tst to tst;
> GRANT
> [postgres@PGDEV14] postgres=3D# \l+ tst
>                                               Liste des bases de donn=C3=
=A9es
>  Nom | Propri=C3=A9taire | Encodage | Collationnement | Type caract. | Dr=
oits
> d'acc=C3=A8s | Taille  | Tablespace | Description
>
> -----+--------------+----------+-----------------+--------------+--------=
--------+---------+------------+-------------
>  tst | tst          | UTF8     | fr_FR.UTF-8     | fr_FR.UTF-8  | =3DTc/t=
st
>      +| 9809 kB | pg_default |
>      |              |          |                 |              |
> tst=3DCTc/tst    |         |            |
> (1 ligne)
>
>
What are you trying to demonstrate here?


> [postgres@PGDEV14] tst=3D# \dn+ tst
>                  Liste des sch=C3=A9mas
>  Nom | Propri=C3=A9taire | Droits d'acc=C3=A8s | Description
> -----+--------------+----------------+-------------
>  tst | tst          |                |
> (1 ligne)
>
>
David J.

--000000000000b69bda060fb3ddc2
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div class=3D"gmail_default" style=3D"fon=
t-family:arial,helvetica,sans-serif"><span style=3D"font-family:Arial,Helve=
tica,sans-serif">On Wed, Jan 24, 2024 at 9:23=E2=80=AFAM &lt;<a href=3D"mai=
lto:gparc@free.fr">gparc@free.fr</a>&gt; wrote:</span><span style=3D"font-f=
amily:Arial,Helvetica,sans-serif">-</span></div></div><div class=3D"gmail_q=
uote"><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;b=
order-left:1px solid rgb(204,204,204);padding-left:1ex">
[postgres] $ psql<br>
psql (14.10)<br>
<br></blockquote><div><br></div><div><div class=3D"gmail_default" style=3D"=
font-family:arial,helvetica,sans-serif">You really should add commentary, e=
specially since you never demonstrated the tst role (I advise picking diffe=
rent names for all of the objects in the future) being unable to login.=C2=
=A0 Which they should be able to since public is shown to have &quot;c&quot=
; connect privileges (=3DTc/tst)</div><br></div><div>=C2=A0</div><blockquot=
e class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px s=
olid rgb(204,204,204);padding-left:1ex">
[postgres@PGDEV14] postgres=3D# create user tst password &#39;tst&#39;;<br>
CREATE ROLE<br>
[postgres@PGDEV14] postgres=3D# create database tst owner =3D tst;<br>
CREATE DATABASE<br></blockquote><div><br></div><div class=3D"gmail_default"=
 style=3D"font-family:arial,helvetica,sans-serif">This=C2=A0next command is=
 pointless, it is a no-op, as soon as you made them owner of the tst databa=
se they already had all privileges to it,=C2=A0granted by the same user tha=
t created=C2=A0the database.=C2=A0 And only it, that command is not recursi=
ng through the database into schemas and tables and adding more permissions=
.=C2=A0 That isn&#39;t how this all works, a database is an object.=C2=A0 W=
hile it is also a concept that encompasses the entire schema within it the =
permissions system only cares about the first definition.</div><div class=
=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif"><br></d=
iv><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bord=
er-left:1px solid rgb(204,204,204);padding-left:1ex">
[postgres@PGDEV14] postgres=3D# grant all on database tst to tst;<br>
GRANT<br>
[postgres@PGDEV14] postgres=3D# \l+ tst<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 Liste des bases de donn=C3=A9es<br>
=C2=A0Nom | Propri=C3=A9taire | Encodage | Collationnement | Type caract. |=
 Droits d&#39;acc=C3=A8s | Taille=C2=A0 | Tablespace | Description<br>
-----+--------------+----------+-----------------+--------------+----------=
------+---------+------------+-------------<br>
=C2=A0tst | tst=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | UTF8=C2=A0 =C2=A0 =C2=
=A0| fr_FR.UTF-8=C2=A0 =C2=A0 =C2=A0| fr_FR.UTF-8=C2=A0 | =3DTc/tst=C2=A0 =
=C2=A0 =C2=A0 =C2=A0+| 9809 kB | pg_default |<br>
=C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | tst=
=3DCTc/tst=C2=A0 =C2=A0 |=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |<br>
(1 ligne)<br><br></blockquote><div><br></div><div class=3D"gmail_default" s=
tyle=3D"font-family:arial,helvetica,sans-serif">What are you trying to demo=
nstrate here?</div><div class=3D"gmail_default" style=3D"font-family:arial,=
helvetica,sans-serif"><br></div><blockquote class=3D"gmail_quote" style=3D"=
margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-lef=
t:1ex">
<br>
[postgres@PGDEV14] tst=3D# \dn+ tst<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Liste des sch=
=C3=A9mas<br>
=C2=A0Nom | Propri=C3=A9taire | Droits d&#39;acc=C3=A8s | Description<br>
-----+--------------+----------------+-------------<br>
=C2=A0tst | tst=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |<br>
(1 ligne)<br><br></blockquote><div><br></div><div class=3D"gmail_default" s=
tyle=3D"font-family:arial,helvetica,sans-serif">David J.</div><div class=3D=
"gmail_default" style=3D"font-family:arial,helvetica,sans-serif"><br></div>=
</div></div>

--000000000000b69bda060fb3ddc2--