public inbox for [email protected]  
From: Muhammad Usman Khan <[email protected]>
To: Atul Kumar <[email protected]>
Cc: pgsql-general <[email protected]>
Subject: Re: default privileges are npt working
Date: Fri, 30 Aug 2024 16:23:30 +0500
Message-ID: <CAPnRvGvphaA2-1ZC+aNyfu_jFiP-oNRfed5i0t0mKt0sPzZWmQ@mail.gmail.com> (raw)
In-Reply-To: <CA+ONtZ6SGGWm-cRWG0ms5dmH2d1W+Nd7Pm1aB_2C8CbYExyoZg@mail.gmail.com>
References: <CA+ONtZ6SGGWm-cRWG0ms5dmH2d1W+Nd7Pm1aB_2C8CbYExyoZg@mail.gmail.com>

Hi.
I think the ALTER DEFAULT PRIVILEGES command affects only tables that are
created after the command is executed. Tables created by the writer user
before you executed the ALTER DEFAULT PRIVILEGES command would not
automatically have select privileges granted to the reader user.  You can
try by explicitly granting select privileges on the existing tables to the
reader user.



On Fri, 30 Aug 2024 at 16:14, Atul Kumar <[email protected]> wrote:

> Hi,
>
> I have a postgres instance running on version 15 in centos7.
>
> I have created a custom database and revoked all public privileges from
> that database.
>
> Then I have created a custom schema in that custom database.
>
> Now I have created one writer *user* and one reader *user* by postgres
> superuser and then granted connect privileges on the database.
>
> Then I have given all privileges of schema level and table level to the
> writer *user* so that it can create tables and insert data in the tables
> in that schema.
>
> And for reader *user* I have granted usage only privileges on schema
> level and select privileges on table level so that it can only read the
> data of tables.
>
> Then I granted default "select" privileges to reader *user* to read data
> of all tables created by writer *user* using below command:
>
> alter default privileges in schema <custom schema> grant select on tables
> to <reader user>.
>
> but when I am connected to the reader user I am not able to read the data
> inserted by the writer *user* and getting permission denied error.
>
> I can only see the list of tables created by the writer user, not the data.
>
> Am I missing something here? Please let me know.
>
> *My Goal: To read the data by reader user inserted by writer user.*
>
>
> Regards.
>
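
The read-only setup discussed in this thread, as an added example that is not part of either message: it grants on the tables that already exist, records the default privilege for tables created later, and then audits the result. The names `app`, `writer_user` and `reader_user` are assumed placeholders, and the `FOR ROLE` clause goes beyond what the reply states: PostgreSQL records default privileges per creating role, and without `FOR ROLE` the entry applies to objects created by the role that ran the command.

```sql
-- Assumed placeholder names: schema app, roles writer_user and reader_user.
-- Run while connected to the custom database as a superuser.

-- 1. Existing tables: default privileges never change objects that already
--    exist, so grant on them explicitly.
GRANT USAGE ON SCHEMA app TO reader_user;
GRANT SELECT ON ALL TABLES IN SCHEMA app TO reader_user;

-- 2. Future tables: record the default privilege for the role that will
--    create them. If FOR ROLE is omitted, the entry is stored for the role
--    running this command (for example postgres) and tables created later
--    by writer_user are not covered.
ALTER DEFAULT PRIVILEGES FOR ROLE writer_user IN SCHEMA app
    GRANT SELECT ON TABLES TO reader_user;

-- 3. Inspect what is recorded: one row per (creating role, schema, object type).
SELECT pg_get_userbyid(d.defaclrole) AS creating_role,
       n.nspname                     AS schema_name,
       d.defaclobjtype               AS object_type,  -- 'r' = tables
       d.defaclacl                   AS default_acl
FROM pg_default_acl AS d
LEFT JOIN pg_namespace AS n ON n.oid = d.defaclnamespace;

-- 4. Audit: list tables in the schema that reader_user still cannot read.
--    An empty result means the least-privilege read access is complete.
SELECT c.relname                    AS table_name,
       pg_get_userbyid(c.relowner)  AS owner
FROM pg_class AS c
JOIN pg_namespace AS n ON n.oid = c.relnamespace
WHERE n.nspname = 'app'
  AND c.relkind IN ('r', 'p')       -- ordinary and partitioned tables
  AND NOT has_table_privilege('reader_user', c.oid, 'SELECT');
```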

