Обсуждение: Both side privileges

Поиск
Список
Период
Сортировка

Both side privileges

От
Jean-Philippe Chenel
Дата:
Hi,

I try to give userA privileges on userB objects and same thing to the userB, giving privileges on userA objects. 

Grant userB to userA; —ok
Grant userA to userB; —error: role userB is already member of role userA

How can I do that?
With best regards,

Re: Both side privileges

От
"David G. Johnston"
Дата:
On Mon, Jul 13, 2020 at 4:42 PM Jean-Philippe Chenel <jp.chenel@live.ca> wrote:
Hi,

I try to give userA privileges on userB objects and same thing to the userB, giving privileges on userA objects. 

Grant userB to userA; —ok
Grant userA to userB; —error: role userB is already member of role userA

Create a "group role" that retains ownership and then add both users to that group.

David J.

Re: Both side privileges

От
Jean-Philippe Chenel
Дата:
Thank for your answer David.
This is what I'll do.
De : David G. Johnston <david.g.johnston@gmail.com>
Envoyé : 13 juillet 2020 19:46
À : Jean-Philippe Chenel <jp.chenel@live.ca>
Cc : pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org>
Objet : Re: Both side privileges
 
On Mon, Jul 13, 2020 at 4:42 PM Jean-Philippe Chenel <jp.chenel@live.ca> wrote:
Hi,

I try to give userA privileges on userB objects and same thing to the userB, giving privileges on userA objects. 

Grant userB to userA; —ok
Grant userA to userB; —error: role userB is already member of role userA

Create a "group role" that retains ownership and then add both users to that group.

David J.

Re: Both side privileges

От
Toomas Kristin
Дата:

And please be sure that default permissions are defined properly. Otherwise it may happen that userA creates a new table but userB has access for that. Alternative option is that user has to grant proper access for the role group after every time when a new db object is created.

Toomas

On 14. Jul 2020, at 16:36, Jean-Philippe Chenel <jp.chenel@live.ca> wrote:

Thank for your answer David.
This is what I'll do.
De : David G. Johnston <david.g.johnston@gmail.com>
Envoyé : 13 juillet 2020 19:46
À : Jean-Philippe Chenel <jp.chenel@live.ca>
Cc : pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org>
Objet : Re: Both side privileges
 
On Mon, Jul 13, 2020 at 4:42 PM Jean-Philippe Chenel <jp.chenel@live.ca> wrote:
Hi,

I try to give userA privileges on userB objects and same thing to the userB, giving privileges on userA objects. 

Grant userB to userA; —ok
Grant userA to userB; —error: role userB is already member of role userA

Create a "group role" that retains ownership and then add both users to that group.

David J.