I am trying to revoke all permisions of an user on a database, but i can't get it to work.
I am doing:
REVOKE ALL PRIVILEGES ON DATABASE db1 FROM user1;
REVOKE ALL refers to all the permissions on one object, not on any related objects. In this case, you are saying "all permissions which apply to the database, as a single object". The only permission which exists at the database level is CONNECT, and by default, that is granted to the special role Public, of which all other roles are a member.
So to deny access to a user that way, you would have to revoke CONNECT privilege from Public, and then explicitly GRANT it to the roles you do want to give access to.
There are a few other options that come to mind:
Set a DENY rule for that combination of user and database in pg_hba.conf
Revoke USAGE on all schemas in the database, so that they can connect but not access anything. I believe the public schema has this granted to the public role, so you will need to revoke first as with CONNECT
Revoke all from the objects within the database. This requires multiple statements like REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA foo FROM somebody for different object types. You should also use ALTER DEFAULT PRIVILEGES to make sure objects you create from now on won't be accessible.
Related
I have a sample database containing two schemas and I have two roles in the database.
I need to grant rights in a way that
role can grant all permission within schema #1 (nowhere else)
role can grant all permission within schema #2 (nowhere else)
(essentially "schema-specific admins")
Would someone know a possible approach to this?
I can think of two ways:
the “administrator role” for each schema owns the objects in that schema – then the requirement is automatically fulfilled
all objects are owned by the same role, and that role uses GRANT ... WITH GRANT OPTION on all tables in each schema to the respective administrative role
I'd prefer the first option, because it is simpler.
I'm new on PostgreSQL. I created a user for to use a specific schema. I have done a table but I can't prevent on schema. I don't want to show all schema to the user. How can I prevent to access the schema?
Grant and Revoke to grant access and privileges on your database, including schema.
In postgres, you can GRANT or REVOKE privileges like:
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO <myuser>;
My question; If each database has a schema PUBLIC, then are you revoking or granting for this all databases? If so, what if you only want to alter the schema permissions of one database?
The context: I want to GRANT SELECT, INSERT, DELETE to one user for only one scheme in one database. I want to do this without being connected to the DB. Or is the way to do this simply by also handling CONNECT permissions to actual databases. So if they can only connect to one database, it doesn't matter if you say "all" PUBLIC schemas?
There are a lot of questions here; I'll try to restore order.
It is a good idea to revoke CREATE from the public schema in all databases.
But you absolutely have to connect to each database in turn to do that.
A beautiful solution might be that you do it on database template1. Then every new database will automatically be set up correctly, since CREATE DATABASE copies the template database.
To give users permission to a schema in all databases, you again have to connect to all databases in turn.
It is also a good idea to REVOKE ALL on all databases from PUBLIC and grant the CONNECT privilege selectively.
This time, you can do it without connecting to each database, because databases are shared objects — the pg_database catalog is accessible from each database.
I want create users that only can execute functions from one database. Not view source functions, procedures, select, etc of any database.
Thanks.
This should do it:
Allow the user to connect to only the correct database, either with permissions on the database object (you have to REVOKE the CONNECT privilege granted to PUBLIC by default first) or with suitable entries in pg_hba.conf.
In the one database where the user can connect, it should have USAGE privilege on the schemas that contain the functions.
Create functions with SECURITY INVOKER that belong to a user that has the rights to access the required objects.
REVOKE EXECUTE on all functions from PUBLIC and GRANT it to the user as required.
There is no supported way in PostgreSQL to keep a user that can log on from seeing the source code of functions. You can try to REVOKE SELECT ON pg_proc FROM PUBLIC, but don't be surprised if you get problems with client programs like pgAdmin or psql.
I installed PostgreSQL 9 database (migration from Oracle10g) and I am realy confused by user/role management. When I create new user using SQL command like CREATE USER or CREATE ROLE, or by Navicat tool, created user can see all databases! He realy can connect them! Although he can't select any data from table, he can see table objects and sequences and so on. I was trying revoke connect privilegia but no effect. I was expected the new user has no privilegia and cant see anything. I really don't know why he can.
From http://www.postgresql.org/docs/9.2/static/sql-grant.html#SQL-GRANT-DESCRIPTION-OBJECTS (emphasis mine):
PostgreSQL grants default privileges on some types of objects to PUBLIC. No privileges are granted to PUBLIC by default on tables, columns, schemas or tablespaces. For other types, the default privileges granted to PUBLIC are as follows: CONNECT and CREATE TEMP TABLE for databases; EXECUTE privilege for functions; and USAGE privilege for languages. The object owner can, of course, REVOKE both default and expressly granted privileges. (For maximum security, issue the REVOKE in the same transaction that creates the object; then there is no window in which another user can use the object.) Also, these initial default privilege settings can be changed using the ALTER DEFAULT PRIVILEGES command.
In order to remove all privileges (including CONNECT) for all unspecified users on a database, use:
REVOKE ALL PRIVILEGES ON DATABASE <database> FROM public;
See also:
PostgreSQL: View database connect permissions
http://wiki.postgresql.org/wiki/Shared_Database_Hosting
You probably also need to modify the pg_hba.conf file. By default, a local installation doesn't do authorization checks.