Postgresql – How to grant select, insert privileges in Postgres on Cygwin

cygwinpostgresqlsql

How do I grant permissions in Postgres? I followed the documentation, however it is not working.

$ psql tmadev
psql (9.2.4)
Type "help" for help.

tmadev=# grant all privileges on database tmadev to tma;
GRANT
tmadev=# \z sample
                           Access privileges
 Schema |  Name  | Type  | Access privileges | Column access privileges
--------+--------+-------+-------------------+--------------------------
 public | sample | table |                   |
(1 row)

tmadev=# \q

Chloe@xps /srv/www/htdocs
$ psql -U tma tmadev
psql (9.2.4)
Type "help" for help.

tmadev=> select * from sample limit 2;
ERROR:  permission denied for relation sample
STATEMENT:  select * from sample limit 2;
ERROR:  permission denied for relation sample
tmadev=>
tmadev=> \du
                             List of roles
 Role name |                   Attributes                   | Member of
-----------+------------------------------------------------+-----------
 Chloe     | Superuser, Create role, Create DB, Replication | {}
 tma       |                                                | {}

Best Answer

grant all privileges on database... does not grant any possible privilege within the database, but on it, which is much less than you'd think.

Per documentation, the privileges on a database are defined as:

GRANT { { CREATE | CONNECT | TEMPORARY | TEMP } [, ...] | ALL [ PRIVILEGES ] } ON DATABASE database_name [, ...] TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

So grant all privileges on database tmadev to tma is equivalent to:

grant create,connect,temporary  on database tmadev to tma;

Presumably you want something like (when connected to tmadev)

grant all on all tables in schema public to tma;
grant all on all sequences in schema public to tma;
grant all on schema public to tma;

and possibly quite a few others.

On the other hand, if tma is going to be the only user or group that needs full access to this database, it's much more convenient to make it the owner of the database, in which case it has all the privileges within it and none of these grants are necessary.

Related Solutions

Permissions – How to GRANT SELECT to All Tables in PostgreSQL

I thought it might be helpful to mention that, as of 9.0, postgres does have the syntax to grant privileges on all tables (as well as other objects) in a schema:

GRANT SELECT ON ALL TABLES IN SCHEMA public TO user;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO user;

Here's the link.

Postgresql – How to create a PostgreSQL web application user with limited privileges as easy as possible

Mass GRANT/REVOKE is only available on PostgreSQL 9.0+.

Instead, you can create the functions pg_grant() and pg_revoke() found at http://blog.bhushangahire.net/2009/06/17/grant-privileges-to-all-tables-in-a-database-for-postgresql/

The parameters to both functions are:

User Role
Permissions
Object name, may be a pattern. "%" affects all objects
Schema name

You will need to run the command on each database and each schema. The syntax looks like this:

SELECT pg_grant('web_user','SELECT,INSERT,UPDATE,DELETE','%','public');

If you like, you may be able to change this line in the function definition:

nspname = $4 AND

to this:

nspname like $4 AND

in order to be able to specify schema as a wildcard, but I haven't tested it.

Best Answer

Related Solutions

Permissions – How to GRANT SELECT to All Tables in PostgreSQL

Postgresql – How to create a PostgreSQL web application user with limited privileges as easy as possible

Related Topic