Granting access to all tables for a user

PlaidFan
8 years ago
I'm new to Postgres and trying to migrate our MySQL databases over. In MySQL I can grant SELECT, UPDATE, INSERT, and DELETE privileges on a low privileged user and enable those grants to apply to all tables in a specified database. I must be missing something in Postgres because it looks like I have to grant those privileges for each table one at a time. With many databases and hundreds of tables per database that seems like a daunting task just to get off the ground. In addition, once a database is in operation, adding tables happens frequently enough that I wouldn't want to have to grant permissions each time unless absolutely necessary.
How is this best accomplished?
159 Points 0 Comments Share
dezso Turn off AdBlock to see the correct answer
8 years ago
First, you have to be able to connect to the database in order to run queries ..

This site survives thanks to advertising. Disable AdBlock to see the whole correct answer at no cost!
We promise you will not find boring advertisements. Find out how to disable Adblock by clicking on this link.
Remember to update the page once you have disabled it.
182 Points 2 Comments
JustAMartin 5 years ago
Thanks, `FOR some_role` was the key part I was missing to make it work for my tables created later. But I didn't have to be logged in as `some_role`, it worked also if I executed the query as the default admin `postgres` user.
rubo77 one year ago
I did all those commands for my user, but still I wasn't allowed to use SELECT on the tables inside the database. It only worked after i REVOKED all privileges again and GRANTed again.
dezso Correct answer
8 years ago
First, you have to be able to connect to the database in order to run queries. This can be achieved by
REVOKE CONNECT ON DATABASE your_database FROM PUBLIC; GRANT CONNECT ON DATABASE database_name TO user_name;
The REVOKE is necessary because
The key word PUBLIC indicates that the privileges are to be granted to all roles, including those that might be created later. PUBLIC can be thought of as an implicitly defined group that always includes all roles. Any particular role will have the sum of privileges granted directly to it, privileges granted to any role it is presently a member of, and privileges granted to PUBLIC.
If you really want to restrict your user to DML statements, then you have a little more to do:
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM PUBLIC; GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO user_name;
These assume that you will have only one schema (which is named 'public' by default).
As Jack Douglas pointed out, the above only gives the privileges for the already existing tables. To achieve the same for future tables, you have to define default privileges:
ALTER DEFAULT PRIVILEGES FOR ROLE some_role -- Alternatively "FOR USER" IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user_name;
Here, some_role is a role that creates the tables, while user_name is the one who gets the privileges. Defining this, you have to be logged in as some_role or a member of it.
And, finally, you have to do the same for the sequences (thanks to PlaidFan for pointing it out) - here it is the USAGE privilege that you need.
182 Points 2 Comments Share Donate
JustAMartin 5 years ago
Thanks, `FOR some_role` was the key part I was missing to make it work for my tables created later. But I didn't have to be logged in as `some_role`, it worked also if I executed the query as the default admin `postgres` user.
rubo77 one year ago
I did all those commands for my user, but still I wasn't allowed to use SELECT on the tables inside the database. It only worked after i REVOKED all privileges again and GRANTed again.
alxkls
8 years ago
assuming you want to give them all privileges - do this:
grant all privileges on database dbname to dbuser;
where dbname is the name of your database and dbuser is the name of the user.
54 Points 3 Comments Share
dezso 8 years ago
This will add the following privileges on the _database_: `CREATE, CONNECT, TEMPORARY`. No privileges on tables.
Dolan Antenucci 3 years ago
A similar command for all tables would be, `GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO dbuser;`
Paolo 3 years ago
I found this useful too: `GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO dbuser;`

Granting all privileges to all tables within the database is achieved with

GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA <schema_name> TO <username>;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA <schema_name> TO <username>;

24 Points 0 Comments Share

Will
6 years ago
It may be that I was doing something wrong here since I am very new to PostgreSQL. But this only solved the first part of the problem for me - setting the privileges on all existing tables.
In order for permissions to be correctly set for my user on new tables, that are created I has to set default permissions for the user:
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON tables TO user_name; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, USAGE ON sequences TO user_name;
18 Points 0 Comments Share

Jorge Valenzuela

2 years ago

--Create User

CREATE USER my_user_test WITH LOGIN NOSUPERUSER NOCREATEDB  NOCREATEROLE    INHERIT NOREPLICATION   CONNECTION LIMIT -1 PASSWORD 'xxxxxxx';

-- Grant connect to my data base

GRANT CONNECT ON DATABASE my_db_test TO my_user_test;

-- Grant usage the schema

GRANT USAGE ON SCHEMA my_sch_test TO my_user_test ;

-- Grant all table for SELECT, INSERT, UPDATE, DELETE

GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA my_sch_test TO my_user_test;

3 Points 0 Comments Share

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM