TechQA.

Pivileges of a new user in PostgreSQL

62 views Asked by At

I used to work with Oracle, where after creation of a new database user you need to grant them a few privileges, ex. to connect(CREATE SESSION) to the database or create a table(CREATE TABLE). Otherwise the user is useless and literally can nothing.

  1. How does it work in Postgres? Why after CREATE USER statement and assigning SCHEMA to him, I'm able to log-in, create schema/ objects and much more things?
  2. How to display user privileges? I would like to know how powerfull the user is.

Example:

CREATE USER test_user WITH PASSWORD 'abc';      
CREATE SCHEMA test_user ;   
ALTER SCHEMA test_user OWNER TO test_user ;

Now I can log-in as test_user and do a lot of things in the database.

sql database postgresql privileges
Original Q&A
2

There are 2 answers

4
Laurenz Albe On

PostgreSQL manages these things differently from Oracle.

Oracle has all these annoying1 "system privileges"; PostgreSQL manages this via schema permissions: if a user has the CREATE privilege on a schema, she can create arbitrary objects in that schema.

There is no way to list all privileges of a role in PostgreSQL. You could try an extension like pg_permissions and its all_permissions view.

1 to me, at least — why can't I create a view on my own table by default?

0
Adrian Klaver On

https://www.postgresql.org/docs/current/sql-createuser.html

CREATE USER is now an alias for CREATE ROLE. The only difference is that when the command is spelled CREATE USER, LOGIN is assumed by default, whereas NOLOGIN is assumed when the command is spelled CREATE ROLE.

https://www.postgresql.org/docs/current/sql-grant.html

GRANT — define access privileges Specific types of privileges, as defined in Section 5.7.

Section 5.7 https://www.postgresql.org/docs/current/ddl-priv.html

5.7. Privileges

When an object is created, it is assigned an owner. The owner is normally the role that executed the creation statement. For most kinds of objects, the initial state is that only the owner (or a superuser) can do anything with the object. To allow other roles to use it, privileges must be granted.

<...>

The available privileges are:

SELECT

A whole list of specific privileges and what they mean for different objects

Related Questions in SQL

Related Questions in DATABASE

Related Questions in POSTGRESQL

Related Questions in PRIVILEGES

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions