privilege inheritance to a login role through a group role

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Everyone.

I am having issues with privilege inheritance to a login role through a group role.

 

These are the steps I am performing:

  1. data: stcities belongs to user gdb, it resides in the gdb schema
  2. map user is a login role:

CREATE ROLE map LOGIN

  ENCRYPTED PASSWORD 'md59ec9dda576db2a36c42c1c3af155d07c'

  NOSUPERUSER NOINHERIT CREATEDB NOCREATEROLE;

  1. editor role is created, and privileges to the data are granted to it:

CREATE ROLE editor NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;

GRANT select on gdb.stcities TO editor;

  1. user map is made a member of the editor role:

GRANT editor TO map;

 

Now, theoretically, I am expecting the map role to be able to inherit the select privileges via the editor group role to the gdb.stcities data.

 

But that is not the case, when I make a connection to pgAdminIII as the map user, I receive the following message:

 

An error has occurred:

Error: permission denied for relation stcities

 

So, map is not inheriting the privs from the role.

 

-editor group has privs on the data: gdb=arwdxt/gdb,editor=r/gdb

-Selecting from pg_auth_members tells me that role map is part of group editor

 

So, why is map not inheriting the privs granted to the editor role? Am I missing a step?

 

Thanks in advance,

Sincerely,

Kasia

 

[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux