-1

Here is my problem : I have created a role R1 that have all privileges on schema S1. I also have created two users U1, U2, with inherit, that both are members of R1. U1 has created a table in S1. Why U2 can't query this table ?

PS C:> psql -h ora05lw -U dba -d kuku psql (16.0, server 13.3)

kuku=# create role r1 with login; CREATE ROLE kuku=# create user u1 with password 'aaaaaa'; CREATE ROLE kuku=# create user u2 with password 'aaaaaa'; CREATE ROLE kuku=# grant r1 to u1; GRANT ROLE kuku=# grant r1 to u2; GRANT ROLE kuku=# create schema s1; CREATE SCHEMA kuku=# grant all privileges on schema s1 to r1; GRANT kuku=# ALTER DEFAULT PRIVILEGES IN SCHEMA s1 GRANT SELECT ON TABLES TO r1; ALTER DEFAULT PRIVILEGES kuku=# \q PS C:> psql -h ora05lw -U u1 -d kuku psql (16.0, server 13.3)

kuku=> create table s1.kuku (one integer);
CREATE TABLE
kuku=> \q
PS C:\> psql -h ora05lw -U u2 -d kuku
psql (16.0, server 13.3)

kuku=> select * from "s1"."kuku";
ERROR:  permission denied for table kuku
kuku=> \q
Improve this question
0

2 Answers 2

Reset to default
0

When you create the DEFAULT PRIVILEGES you are connecte as "dba" so the privileges will be applie to objects created by dba not for objects created by "u1" this is visible when you do a \ddp command

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Hello Rodolphe ! trying what you said ...
psql -h ora05lw -U u1 -d kuku # ALTER DEFAULT PRIVILEGES IN SCHEMA s1 GRANT SELECT ON TABLES TO r1; # psql -h ora05lw -U u2 -d kuku # select * from s1.kuku; I get permission denied ...
0

Granting Full Access to the Schema:

GRANT USAGE ON SCHEMA s1 TO u2;
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.