Commit b188ea4

committed
Even more for the cookbook
1 parent 495b8a8 commit b188ea4

1 file changed

+28
-4
lines changed

README.md

Lines changed: 28 additions & 4 deletions
@@ -30,19 +30,31 @@ views in that schema:
3030
(2, 'appuser', '{SELECT,INSERT,UPDATE,DELETE}',
3131
'VIEW', 'appschema');
3232

33+
Of course, the user will need the `USAGE` privilege on the schema:
34+
35+
INSERT INTO public.permission_target
36+
(id, role_name, permissions,i
37+
object_type, schema_name)
38+
VALUES
39+
(3, 'appuser', '{USAGE}',
40+
'SCHEMA', 'appschema');
41+
3342
The user also needs `USAGE` privileges on the `appseq` sequence in
3443
that schema:
3544

36-
INSERT INTO public.permission_target VALUES
37-
(3, 'appuser', '{USAGE}',
38-
'SEQUENCE', 'appschema', 'appseq', NULL);
45+
INSERT INTO public.permission_target
46+
(id, role_name, permissions,
47+
object_type, schema_name, object_name)
48+
VALUES
49+
(4, 'appuser', '{USAGE}',
50+
'SEQUENCE', 'appschema', 'appseq');
3951

4052
Now we can review which permissions are missing and which additional
4153
permissions are granted:
4254

4355
SELECT * FROM public.permission_diffs();
4456

45-
missing | role_name | object_type | schema_name | object_name | column_name | permission
57+
missing | role_name | object_type | schema_name | object_name | column_name | permission
4658
---------+-----------+-------------+-------------+-------------+-------------+------------
4759
f | laurenz | VIEW | appschema | appview | | SELECT
4860
t | appuser | TABLE | appschema | apptable | | DELETE
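Review bot: the column list added at new line 36 ends in `permissions,i`, and that stray `i` makes the `USAGE`-on-schema `INSERT` a syntax error for anyone who copies it from the cookbook. Drop the character so the line reads `(id, role_name, permissions,`, matching the sequence example at new line 46. The change to the `permission_diffs()` header row at new line 57 looks like whitespace only; if so, it is worth confirming that the header still lines up with the separator row below it.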
@@ -53,6 +65,18 @@ That means that `appuser` is missing the `DELETE` privilege on
5365
has the additional `SELECT` privilege on `appschema.appview` (`missing`
5466
is `FALSE`).
5567

68+
To review the actual permissions on an object, we can use the `*_permissions`
69+
views:
70+
71+
SELECT * FROM schema_permissions
72+
WHERE role_name = 'appuser' AND schema_name = 'appschema';
73+
74+
object_type | role_name | schema_name | object_name | column_name | permissions | granted
75+
-------------+-----------+-------------+-------------+-------------+-------------+---------
76+
SCHEMA | appuser | appschema | | | USAGE | t
77+
SCHEMA | appuser | appschema | | | CREATE | f
78+
(2 rows)
79+
5680
Usage
5781
-----
5882
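Review bot: the new query at line 71 reads from an unqualified `schema_permissions`, while the other examples in this README write `public.permission_target` and `public.permission_diffs()`. Qualify the view name the same way, so the example does not depend on the reader's `search_path`. The sample output would also benefit from one sentence explaining the `granted` column, since the `CREATE` row with `f` is the line a reader auditing `appuser` will want to interpret, and from naming the other `*_permissions` views the text refers to.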
