Hi, It's postgres 15.4.
We want to give required privilege to certain users or roles and ensure to not to provide any elevated privilege. I have below questions,
1)I am seeing in many places, we have "usage on schema" privilege given. along with "grant select on <object_name> to <role1>" for the objects of the schema (something as below). So I wanted to understand, what exact privilege "grant usage on schema <schema1> to <role1>" will provide which the "select on" privilege won't?
grant usage on schema <schema1> to <role1>;
grant select on schema1.tab1 to <role1>;
2)Additionally , when we are trying to give select privilege on "cron" and "partman" schema to a role (something as below) , so that anybody logging through that role would be able to see/fetch the data from the tables inside cron and partman schema. its giving output 'no privileges were granted for cron/partman/part_config' message. And during accessing that object from the cron/partman schema through that role, it errors out with an access denied message. So I wanted to understand the cause of this and how we should fix it , such that anybody logging in through that role can see/fetch the data from the cron and partman schema tables.
grant select on cron.job to <role1>;
grant select on cron.job_run_details to <role1>;
grant select on partman.part_config to <role1>;
We want to give required privilege to certain users or roles and ensure to not to provide any elevated privilege. I have below questions,
1)I am seeing in many places, we have "usage on schema" privilege given. along with "grant select on <object_name> to <role1>" for the objects of the schema (something as below). So I wanted to understand, what exact privilege "grant usage on schema <schema1> to <role1>" will provide which the "select on" privilege won't?
grant usage on schema <schema1> to <role1>;
grant select on schema1.tab1 to <role1>;
2)Additionally , when we are trying to give select privilege on "cron" and "partman" schema to a role (something as below) , so that anybody logging through that role would be able to see/fetch the data from the tables inside cron and partman schema. its giving output 'no privileges were granted for cron/partman/part_config' message. And during accessing that object from the cron/partman schema through that role, it errors out with an access denied message. So I wanted to understand the cause of this and how we should fix it , such that anybody logging in through that role can see/fetch the data from the cron and partman schema tables.
grant select on cron.job to <role1>;
grant select on cron.job_run_details to <role1>;
grant select on partman.part_config to <role1>;
Regards
Sud