Default privileges don't work when owner changes

One of the first things you learn in Postgres is the importance of getting the default privileges configured. Coming from a SQL Server background, I found having to assign default privileges a little precarious, but once I got over that hump their place in PG became more obvious.

The other day I discovered that an object does not inherit the new owner's default privileges when its ownership changes.

1.) Login as postgres
      create table tab(id int);

2.) Login as d_owner
      create table taba(id int);

3.) Grant the read-only role permission to access data in the public schema owned by d_owner
      grant select on all tables in schema public to readrole;
      alter default privileges for user d_owner in schema public grant select on tables to readrole;

4.) Change the owner of tab from postgres to d_owner
      alter table tab owner to d_owner;

5.) Login as readrole
      select 1 from tab;   --> can access
      select 1 from taba;  --> permission issue

6.) Login as d_owner
      create table tabb(id int);

7.) Login as readrole
      select 1 from tabb;  --> can access

8.) Login as d_owner
      grant select on all tables in schema public to readrole;

9.) Login as readrole
      select 1 from taba;  --> can access
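
Default privileges are applied only at the moment an object is created, so a table that already existed, or that was later reassigned to d_owner, keeps whatever ACL it had. The query below is an added example, not part of the original post: it lists ordinary and partitioned tables whose ACL lacks a grant that the current owner's default privileges would give a newly created table. It relies only on the pg_default_acl and pg_class catalogs and aclexplode(), and it compares raw ACL entries, so access obtained through role membership is not counted.

```sql
-- Added example: find tables that drifted from their owner's default privileges.
-- Run as a superuser (or any role that can read the catalogs) in the target database.
SELECT c.oid::regclass             AS table_name,
       pg_get_userbyid(c.relowner) AS owner,
       CASE WHEN d.grantee = 0
            THEN 'PUBLIC'
            ELSE pg_get_userbyid(d.grantee)
       END                         AS missing_grantee,
       d.privilege_type            AS missing_privilege
FROM pg_default_acl AS da
-- One row per (grantee, privilege) in the default ACL.
CROSS JOIN LATERAL aclexplode(da.defaclacl) AS d
-- Every table currently owned by the role the default ACL belongs to.
JOIN pg_class AS c
  ON c.relowner = da.defaclrole
 AND c.relkind IN ('r', 'p')          -- ordinary and partitioned tables
 AND (da.defaclnamespace = 0          -- 0 = default ACL not tied to a schema
      OR c.relnamespace = da.defaclnamespace)
WHERE da.defaclobjtype = 'r'          -- "ON TABLES" default privileges
  AND d.grantee <> c.relowner         -- the owner's own rights are not drift
  AND NOT EXISTS (
        -- aclexplode() returns no rows for a NULL relacl, so a table that
        -- has never had an explicit grant is reported as well.
        SELECT 1
        FROM aclexplode(c.relacl) AS a
        WHERE a.grantee = d.grantee
          AND a.privilege_type = d.privilege_type)
ORDER BY 1, 3, 4;
```

Any row it returns can be closed with an explicit grant run by the owner, as in step 8.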

