User Permissions


When you create a new PostgreSQL database server, there will be a single database
and a single user (both usually named postgres). You can run the following command
to check the name of the active user:

SELECT current_user;

The initial user has permission to create new databases, tables, users, etc. In
PostgreSQL the term for such a user is 'superuser'. A superuser bypasses all the
permission checks that other users face before being allowed to perform an action.
Superuser privileges can be given to any number of users, but it is very dangerous
if too many people have this type of access.

• Some principles to address regarding superusers:

- most users' privileges are restricted;
- superusers aren't performing routine db tasks;
- specialized roles are created with only the permissions they require.

Investigating User Permissions
-----------------------------------------------------------------------------------

As a superuser, you may want to check the permissions of users in your db to ensure
compliance. The following tables and columns are useful for understanding the state
of any user's permissions:

• 'pg_catalog.pg_roles' - a listing of all users in the db, their roles and a
description of what special permissions these users have. To access it, type:

SELECT * FROM pg_catalog.pg_roles;

As a superuser you can switch to a role to check how a user with that role would
behave. You could try to create a table, change tables, etc. with a given role and
test whether the role works as it should. As a superuser, you can switch back to
the superuser role at any time as well. To set a new role for yourself, type:

SET ROLE role_name;

SET ROLE superuser_role_name;  -- superuser role name is usually 'postgres';
                               -- sets the role back to superuser

• 'information_schema.table_privileges' - a description of the permissions a user
has on a table, answering questions about who can SELECT, INSERT, etc. values on a
table.
You don't need all the columns in this table to understand what permissions a user
has; you can use the example below as a guide to select only the important ones:

SELECT grantor, grantee, table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'userB';

grantor = who granted the privilege
grantee = who received the privilege
table_schema = name of the schema that contains the table
table_name = table name
privilege_type = type of privilege (SELECT, UPDATE, etc.)
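
The checks described above can be combined into one audit session. The script below is an added example, not part of the original notes; the role, schema and table names (report_reader, demo, demo.orders) are hypothetical, and RESET ROLE is used instead of naming the superuser role so the script does not depend on it being called 'postgres'.

```sql
-- Added example. The role, schema and table names are hypothetical.
-- Run as a superuser; the final ROLLBACK removes everything created here.
BEGIN;

-- A specialized role that receives only the permissions it requires.
CREATE ROLE report_reader NOLOGIN;
CREATE SCHEMA demo;
CREATE TABLE demo.orders (id integer PRIMARY KEY, total numeric);
GRANT USAGE ON SCHEMA demo TO report_reader;
GRANT SELECT ON demo.orders TO report_reader;

-- 1. Which roles hold attributes that bypass or extend normal permissions?
--    A long list of rolsuper = true rows is the situation to avoid.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolcanlogin
FROM pg_catalog.pg_roles
WHERE rolsuper OR rolcreaterole OR rolcreatedb
ORDER BY rolname;

-- 2. What has been granted to the new role on tables?
--    This view lists only grants made to or by roles the current user
--    holds, so run it as a superuser for the full picture.
SELECT grantor, grantee, table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'report_reader';

-- 3. Behave as the role and confirm what it can and cannot do.
SET ROLE report_reader;
SELECT current_user;                        -- reports the assumed role
SELECT count(*) FROM demo.orders;           -- allowed: SELECT was granted
SAVEPOINT before_denied;
INSERT INTO demo.orders VALUES (1, 9.99);   -- rejected: INSERT was never granted
ROLLBACK TO SAVEPOINT before_denied;        -- clear the error and continue

-- 4. Return to the superuser and undo the demo objects.
RESET ROLE;
ROLLBACK;
```

When run through psql, the rejected INSERT prints a permission error and the script carries on, provided ON_ERROR_STOP is not set.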
