PostgreSQL Permissions

Please explain the output of the command \z in PostgreSQL. I understand the resolution, I read the documentation, but for some reason I missed the interpretation of the \z output.

datastore_default=> \z

                                    Access privileges
 Schema |      Name       | Type  |         Access privileges         | Column access privileges 
--------+-----------------+-------+-----------------------------------+--------------------------
 public | _table_metadata | view  | ckan_default=arwdDxt/ckan_default+| 
        |                 |       | datastore_default=r/ckan_default +| 
        |                 |       | readonlyuser=r/ckan_default      +| 
 public | foo             | table | ckan_default=arwdDxt/ckan_default+| 
        |                 |       | datastore_default=r/ckan_default +| 
        |                 |       | readonlyuser=r/ckan_default      +| 

Somehow it seems that readonlyuser can read tables foo and _foo, but in practice this is not possible. Both commands return an error:

sudo -u postgres psql -d datastore_default -U readonlyuser -c 'SELECT * FROM foo'
sudo -u postgres psql -d datastore_default -U readonlyuser -c 'SELECT * FROM public.foo'
ERROR:  permission denied for schema public
LINE 1: SELECT * FROM public.foo

: , , . , db ( postgres) ( ckan_default) . , , readonlyuser , .

+4
1

, ( )

readonlyuser :

GRANT USAGE ON SCHEMA public TO readonlyuser;

ACL . , :

rolename = xxxx - ,         = xxxx - , PUBLIC

        r -- SELECT ("read")
        w -- UPDATE ("write")
        a -- INSERT ("append")
        d -- DELETE
        D -- TRUNCATE
        x -- REFERENCES
        t -- TRIGGER
        X -- EXECUTE
        U -- USAGE
        C -- CREATE
        c -- CONNECT
        T -- TEMPORARY
  arwdDxt -- ALL PRIVILEGES (for tables, varies for other objects)
        * -- grant option for preceding privilege

    /yyyy -- role that granted this privilege

+ , psql , .

+15
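
Added example (not part of the original question or answer): a small Python parser for the ACL entries that \z prints, using the letter table from the answer, which shows why SELECT on the table is not enough without USAGE on the schema. The schema ACL lines are constructed sample values, role names are assumed to be unquoted, and the check ignores role membership, ownership and superuser status.

```python
# Added example: decode ACL entries as printed by psql's \z command.
# Letter meanings are taken from the list in the answer above.
PRIVILEGES = {
    "r": "SELECT", "w": "UPDATE", "a": "INSERT", "d": "DELETE",
    "D": "TRUNCATE", "x": "REFERENCES", "t": "TRIGGER", "X": "EXECUTE",
    "U": "USAGE", "C": "CREATE", "c": "CONNECT", "T": "TEMPORARY",
}

def parse_acl_entry(entry):
    """Split 'grantee=codes/grantor' (unquoted role names assumed)."""
    entry = entry.strip().rstrip("+").strip()  # '+' only marks a wrapped psql cell
    grantee, eq, rest = entry.partition("=")
    codes, slash, grantor = rest.partition("/")
    if not eq or not slash or not grantor:
        raise ValueError(f"not an ACL entry: {entry!r}")
    privileges = []  # list of (privilege name, held with grant option?)
    for ch in codes:
        if ch == "*" and privileges:
            privileges[-1] = (privileges[-1][0], True)
        elif ch in PRIVILEGES:
            privileges.append((PRIVILEGES[ch], False))
        else:
            raise ValueError(f"unexpected privilege code {ch!r} in {entry!r}")
    # An empty grantee means the privilege is granted to PUBLIC.
    return {"grantee": grantee or "PUBLIC", "grantor": grantor,
            "privileges": privileges}

def granted(acl_lines, role, privilege):
    """True if role, or PUBLIC, is granted privilege directly in this ACL."""
    for line in acl_lines:
        e = parse_acl_entry(line)
        if e["grantee"] in (role, "PUBLIC") and \
                any(name == privilege for name, _ in e["privileges"]):
            return True
    return False

# Table ACL for public.foo, copied from the \z output in the question.
TABLE_ACL = ["ckan_default=arwdDxt/ckan_default+",
             "datastore_default=r/ckan_default +",
             "readonlyuser=r/ckan_default      +"]
# Schema ACLs are constructed sample values (the page does not show them).
SCHEMA_BEFORE = ["postgres=UC/postgres"]
SCHEMA_AFTER = SCHEMA_BEFORE + ["readonlyuser=U/postgres"]  # after GRANT USAGE

if __name__ == "__main__":
    for acl in (SCHEMA_BEFORE, SCHEMA_AFTER):
        print("SELECT on foo:", granted(TABLE_ACL, "readonlyuser", "SELECT"),
              "| USAGE on schema:", granted(acl, "readonlyuser", "USAGE"))
```

The real schema ACL can be listed in psql with \dn+ and compared against the table ACL in the same way.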
