Search Postgresql Archives

Re: indirect membership in group roles

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Kev <kevinjamesfield@xxxxxxxxx> writes:
> For some reason, which I couldn't see spelled out very well in the
> docs for GRANT ROLE and SET ROLE, indirect membership in the group
> "user" doesn't give one its privileges unless you SET ROLE "user"
> first, even if all roles involved have INHERIT set.

Really?  Works for me:

regression=# create group student inherit;
CREATE ROLE
regression=# create group employee inherit;
CREATE ROLE
regression=# create group "user";
CREATE ROLE
regression=# grant "user" to student;
GRANT ROLE
regression=# grant "user" to employee;
GRANT ROLE
regression=# create user joe inherit;
CREATE ROLE
regression=# grant student to joe;
GRANT ROLE
regression=# create table mytable (f1 int);
CREATE TABLE
regression=# grant select on mytable to "user";
GRANT
regression=# \c - joe
psql (8.4devel)
You are now connected to database "regression" as user "joe".
regression=> select * from mytable;
 f1 
----
(0 rows)

I suspect you forgot to attach the "inherit" property to the
intermediate-level group.

			regards, tom lane

-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux