Thread: Does a GRANT on a table cascade/implied to its SEQUENCES
I'm working on an application (using Catalyst) and realized I was using a user with too many privileges to access the database.

I've added a new user and as I go through granting various accesses to the different tables I realized many of those tables have primary keys that are generated by a sequence.

Do I need to grant access on the sequences and what type of access -- SELECT for sure but what about UPDATE -- for each of the tables I've granted the user access to?

TIA,
Rod
"Roderick A. Anderson" <raanders@acm.org> writes:
> I've added a new user and as I go through granting various accesses to the
> different tables I realized many of those tables have primary keys that
> are generated by a sequence.

> Do I need to grant access on the sequences and what type of access --
> SELECT for sure but what about UPDATE -- for each of the tables I've
> granted the user access to?

Right now, GRANT on a table doesn't do anything about subsidiary sequences. (There have been discussions about changing that, but nothing's happened yet.) So if you want someone to be able to INSERT into a table with a serial column, you need to give them UPDATE rights on the sequence. Offhand I see no direct reason why they'd need SELECT rights on the sequence, but maybe they do.

regards, tom lane
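The situation described in the reply above, as an added example that is not part of the original thread: a restricted role gets table privileges, the INSERT is rejected because of the serial column's sequence, and the UPDATE grant on the sequence resolves it. The role, table and sequence names are hypothetical, and the script assumes a scratch PostgreSQL database and a superuser session.

```sql
-- Added example; the role, table and sequence names are hypothetical.
-- Assumes a scratch PostgreSQL database and a superuser session.
CREATE ROLE app_user LOGIN;

CREATE TABLE orders (
    id   serial PRIMARY KEY,  -- implicitly creates sequence orders_id_seq
    item text NOT NULL
);

-- Table-level privileges only; this does not touch orders_id_seq.
GRANT SELECT, INSERT ON orders TO app_user;

-- Find every sequence that depends on the table, so none is missed
-- when granting (one row per sequence-backed column).
SELECT s.relname AS sequence_name
FROM pg_depend d
JOIN pg_class s ON s.oid = d.objid    AND s.relkind = 'S'
JOIN pg_class t ON t.oid = d.refobjid AND t.relname = 'orders'
WHERE d.classid    = 'pg_class'::regclass
  AND d.refclassid = 'pg_class'::regclass;

-- Before the sequence grant: the id default calls nextval('orders_id_seq'),
-- so this INSERT is rejected with a permission error on the sequence.
SET SESSION AUTHORIZATION app_user;
INSERT INTO orders (item) VALUES ('widget');
RESET SESSION AUTHORIZATION;

-- The grant named in the reply: UPDATE on the sequence permits nextval().
GRANT UPDATE ON orders_id_seq TO app_user;

-- After the grant the same INSERT succeeds.
SET SESSION AUTHORIZATION app_user;
INSERT INTO orders (item) VALUES ('widget');
-- currval('orders_id_seq') is not covered by UPDATE; only code that calls
-- it needs SELECT (or, on current releases, USAGE) on the sequence as well.
RESET SESSION AUTHORIZATION;
```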
Tom Lane wrote:
> "Roderick A. Anderson" <raanders@acm.org> writes:
>
>> I've added a new user and as I go through granting various accesses to the
>> different tables I realized many of those tables have primary keys that
>> are generated by a sequence.
>
>> Do I need to grant access on the sequences and what type of access --
>> SELECT for sure but what about UPDATE -- for each of the tables I've
>> granted the user access to?
>
> Right now, GRANT on a table doesn't do anything about subsidiary
> sequences. (There have been discussions about changing that, but
> nothing's happened yet.) So if you want someone to be able to INSERT
> into a table with a serial column, you need to give them UPDATE rights
> on the sequence. Offhand I see no direct reason why they'd need SELECT
> rights on the sequence, but maybe they do.

Thanks for the clarification Tom.

Rod