Search Postgresql Archives

Re: grant connect on database

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 12/16/2015 11:58 AM, Jerry Sievers wrote:

spur230 <sabinpradhan@xxxxxxxxx> writes:


I am using Postgres 9.4.  I created a login role and gave  select to all
tables to a schema as follows:


create role fix;
create role dcv login password 'mypassword' in role fix;
grant select on all tables on schema xzy to dcv';

I  was able to   connect to the database without giving 'grant connect on
database db1 to dcv'

My question is when do I have to explicitly  give connect grant? How did
user dcv  connect to database without the  connect  privilege?


NEver, unless you were to revoke it from public..

Connect is granted to public by default.


For what is GRANTed by default see:

http://www.postgresql.org/docs/9.4/interactive/sql-grant.html

Highlights:
"The key word PUBLIC indicates that the privileges are to be granted to all roles, including those that might be created later. PUBLIC can be thought of as an implicitly defined group that always includes all roles. Any particular role will have the sum of privileges granted directly to it, privileges granted to any role it is presently a member of, and privileges granted to PUBLIC." 

....
"PostgreSQL grants default privileges on some types of objects to PUBLIC. No privileges are granted to PUBLIC by default on tables, columns, schemas or tablespaces. For other types, the default privileges granted to PUBLIC are as follows: CONNECT and CREATE TEMP TABLE for databases; EXECUTE privilege for functions; and USAGE privilege for languages. The object owner can, of course, REVOKE both default and expressly granted privileges. (For maximum security, issue the REVOKE in the same transaction that creates the object; then there is no window in which another user can use the object.) Also, these initial default privilege settings can be changed using the ALTER DEFAULT PRIVILEGES command." 






Thanks



--
View this message in context: http://postgresql.nabble.com/grant-connect-on-database-tp5877872.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.





--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx


--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux