I have initial script for develop postgresql instance:
CREATE USER blacklist WITH PASSWORD 'blacklist';
CREATE DATABASE blacklist;
GRANT ALL PRIVILEGES ON DATABASE blacklist TO blacklist;
I need to change type owner in newly created database. It's possible without connect to this database?
I suspect the query should be like this:
ALTER TYPE blacklist.inet OWNER TO common_user
But here pg expects table name, not database...
Related
Why does the Owner show "postgres" after creating a new PostgreSQL database? How can I create a new database with my DB user as the owner? My DB user has the privilege to create a database.
As documented in the manual you can specify the owner when creating the database
create database my_new_dabase
OWNER = sunday_ezeilo;
This assumes that you already have a role/user named sunday_ezeilo
I set up a connection to a foreign db using dblink_connect according to the docs:
CREATE SERVER fdtest FOREIGN DATA WRAPPER dblink_fdw OPTIONS (hostaddr '127.0.0.1', dbname 'foreign_test_db');
CREATE USER test_user WITH PASSWORD 'secret';
CREATE USER MAPPING FOR test_user SERVER fdtest OPTIONS (user 'test_user', password 'secret');
GRANT USAGE ON FOREIGN SERVER fdtest TO regress_dblink_user;
GRANT SELECT ON TABLE foo TO test_user;
\c - regress_dblink_user
SELECT dblink_connect('myconn', 'fdtest');
SELECT * FROM dblink('myconn','SELECT * FROM foo') AS t(a int, b text, c text[]);
The final 'GRANT SELECT' appears to infer that if it is meant to grant select permissions to local user test_user to the table foo on the fdtest foreign data wrapper. However, how I would interpret this command is that it is granting permissions to test_user to select on local table foo (which does not exist). As expected, when I run this command I get an error:
ERROR: relation "foo" does not exist
I would love to know how to actually accomplish this. I would like to be able to restrict local users to only access certain tables from a foreign data wrapper.
You'll have to connect to the remote database and run the GRANT statement there.
Of course you could do that via dblink, but then you'd have to connect with a superuser or the owner of the table.
The connection they show is a loop back connection, it just connects back to the same server and (apparently) database you are already in. This is useful for testing purposes. So granting the permission on the local server is the same thing as granting it on the remote server, as they are the same server.
They do not show the creation of the table, you can find it in the regression test contrib/dblink/sql/dblink.sql (from which the example in the doc derives) as:
CREATE TABLE foo(f1 int, f2 text, f3 text[], primary key (f1,f2));
How can I create a postgres user who has admin access only to one database but cannot inspect or interfere with other databases in the postgres instance? The use case is I'm creating a multitenant application
where each tenant gets his own database in the postgresql instance and can create schemas, tables etc and
perhaps use a few pg_tables to inspect his own database but not others.
cannot change the name of the database as it's controlled by me
EDIT: Added more constraints
That's fairly trivial:
CREATE DATABASE newdb;
GRANT CREATE ON DATABASE newdb TO newdba;
Add pg_hba.conf entries to allow newdba to connect to newdb only.
I'm new to PostgreSQL and I have created a postgres instance in the AWS RDS and I have also created a new user. Now I would like to grant all privileges to that user for creating new databases and to perform all admin operations.
I have found the below query to do that but it was providing access only to a particular database and that user is unable to create a new database.
GRANT ALL ON DATABASE workflow TO cnwrkstag;
I have also tried to provide access as a super user of RDS but I'm getting an error as I am unable to so because it should be a super user.
Can anyone help me with this?
You must be very careful with the super users, you can doit this way:
ALTER ROLE role_name SUPERUSER;
Or
ALTER USER user_name SUPERUSER;
Here is the documentation:
Alter-role
Extracted code from documentation,
create table sales_catalog(
item_id varchar(10) not null primary key,
item_name_desc varchar(50) not null,
item_desc varchar(50));
Error after using SYSDBA as the user in Firebird SQL3.
Statement failed, SQLSTATE = 42000
unsuccessful metadata update
CREATE TABLE SALES_CATALOG failed
There is no privilege for this operation.
I did some experimenting, and the problem seems to be that if you connect to a database using ISQL without specifying a host name, it will use Firebird embedded to connect to the database (previous versions of Firebird didn't do that on Windows).
Firebird embedded does not require a username and password as it assumes that if you have direct read/write access to the database, that you are allowed to connect to it.
When you connect without specifying a username and password (eg using connect 'database.fdb' instead of connect 'database.fdb' user sysdba, Firebird embedded will use your OS username to connect.
This can be checked because ISQL reports the username when connecting:
SQL> connect 'd:\data\db\fb3\dbofnormal.fdb';
Database: 'd:\data\db\fb3\dbofnormal.fdb', User: MARK
Firebird 3 added new metadata privileges, for example creating a table in a database now requires that you are either the owner of the database (the username used in the create database statement), sysdba (or another admin user), or that you have the create table privilege. See also User Privileges for Metadata Changes. In earlier version any user would be allowed to create tables once they had access to the database.
Now on to the problem: the user (in my example MARK), does not have the create table privilege, so attempting to do so will fail:
SQL> create table testmark ( id integer generated by default as identity primary key);
Statement failed, SQLSTATE = 42000
unsuccessful metadata update
-CREATE TABLE TESTMARK failed
-There is no privilege for this operation
There are a few ways to solve this:
Specify a user with sufficient privileges in the connect statement (eg sysdba):
connect 'database.fdb' user sysdba;
Include the host name in the connect statement to connect through Firebird server instead of Firebird embedded, so that you are required to specify user name and password:
connect 'localhost:database.fdb' user sysdba password 'masterkey';
Connect once to your database as sysdba (see first item), and give the necessary privileges to the user (in my case mark):
grant create table to user mark;
From this moment forward this user can create tables (you may need to grant additional privileges, eg create view, create procedure, etc).