SyntaxFix

[sql] Give all permissions to a user on a PostgreSQL database

I would like to give an user all the permissions on a database without making it an admin. The reason why I want to do that is that at the moment DEV and PROD are different DBs on the same cluster so I don't want a user to be able to change production objects but it must be able to change objects on DEV.

I tried:

grant ALL on database MY_DB to group MY_GROUP;

but it doesn't seem to give any permission.

Then I tried:

grant all privileges on schema MY_SCHEMA to group MY_GROUP;

and it seems to give me permission to create objects but not to query\delete objects on that schema that belong to other users

I could go on by giving USAGE permission to the user on MY_SCHEMA but then it would complain about not having permissions on the table ...

So I guess my question is: is there any easy way of giving all the permissions to a user on a DB?

I'm working on PostgreSQL 8.1.23.

This question is related to sql postgresql ddl privileges grant

The answer is

GRANT ALL PRIVILEGES ON DATABASE "my_db" to my_user;

In PostgreSQL 9.0+ you would do the following:

GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA MY_SCHEMA TO MY_GROUP;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA MY_SCHEMA TO MY_GROUP;

If you want to enable this for newly created relations too, then set the default permissions:

ALTER DEFAULT PRIVILEGES IN SCHEMA MY_SCHEMA
  GRANT ALL PRIVILEGES ON TABLES TO MY_GROUP;
ALTER DEFAULT PRIVILEGES IN SCHEMA MY_SCHEMA
  GRANT ALL PRIVILEGES ON SEQUENCES TO MY_GROUP;

However, seeing that you use 8.1 you have to code it yourself:

CREATE FUNCTION grant_all_in_schema (schname name, grant_to name) RETURNS integer AS $$
DECLARE
  rel RECORD;
BEGIN
  FOR rel IN
    SELECT c.relname
    FROM pg_class c
    JOIN pg_namespace s ON c.namespace = s.oid
    WHERE s.nspname = schname
  LOOP
    EXECUTE 'GRANT ALL PRIVILEGES ON ' || quote_ident(schname) || '.' || rel.relname || ' TO ' || quote_ident(grant_to);
  END LOOP;
  RETURN 1;
END; $$ LANGUAGE plpgsql STRICT;
REVOKE ALL ON FUNCTION grant_all_in_schema(name, name) FROM PUBLIC;

This will set the privileges on all relations: tables, views, indexes, sequences, etc. If you want to restrict that, filter on pg_class.relkind. See the pg_class docs for details.

You should run this function as superuser and as regular as your application requires. An option would be to package this in a cron job that executes every day or every hour.

GRANT USAGE ON SCHEMA schema_name TO user;

I did the following to add a role 'eSumit' on PostgreSQL 9.4.15 database and provide all permission to this role :

CREATE ROLE eSumit;

GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO eSumit;

GRANT ALL PRIVILEGES ON DATABASE "postgres" to eSumit;

ALTER USER eSumit WITH SUPERUSER;

Also checked the pg_table enteries via :

select * from pg_roles; enter image description here

Database queries snapshot : enter image description here

Source: Stackoverflow.com

Examples related to sql

Passing multiple values for same variable in stored procedure SQL permissions for roles Generic XSLT Search and Replace template Access And/Or exclusions Pyspark: Filter dataframe based on multiple conditions Subtracting 1 day from a timestamp date PYODBC--Data source name not found and no default driver specified select rows in sql with latest date for each ID repeated multiple times ALTER TABLE DROP COLUMN failed because one or more objects access this column Create Local SQL Server database

Examples related to postgresql

Subtracting 1 day from a timestamp date pgadmin4 : postgresql application server could not be contacted. Psql could not connect to server: No such file or directory, 5432 error? How to persist data in a dockerized postgres database using volumes input file appears to be a text format dump. Please use psql Postgres: check if array field contains value? Add timestamp column with default NOW() for new rows only Can't connect to Postgresql on port 5432 How to insert current datetime in postgresql insert query Connecting to Postgresql in a docker container from outside

Examples related to ddl

How does spring.jpa.hibernate.ddl-auto property exactly work in Spring? How can I avoid getting this MySQL error Incorrect column specifier for column COLUMN NAME? MySQL: ALTER TABLE if column not exists Give all permissions to a user on a PostgreSQL database Simulate CREATE DATABASE IF NOT EXISTS for PostgreSQL? Adding multiple columns AFTER a specific column in MySQL Create a temporary table in MySQL with an index from a select How to delete a column from a table in MySQL SQL Column definition : default value and not null redundant? How to generate entire DDL of an Oracle schema (scriptable)?

Examples related to privileges

Check Postgres access for a user Give all permissions to a user on a PostgreSQL database ORA-01950: no privileges on tablespace 'USERS' Getting ORA-01031: insufficient privileges while querying a table instead of ORA-00942: table or view does not exist Remove privileges from MySQL database Permission denied for relation How to view user privileges using windows cmd? Grant all on a specific schema in the db to a group role in PostgreSQL How to show all privileges from a user in oracle? What precisely does 'Run as administrator' do?

Examples related to grant

Postgresql: error "must be owner of relation" when changing a owner object Give all permissions to a user on a PostgreSQL database Remove privileges from MySQL database What GRANT USAGE ON SCHEMA exactly do? Permission denied for relation Grant SELECT on multiple tables oracle How to grant remote access to MySQL for a whole subnet? Grant all on a specific schema in the db to a group role in PostgreSQL grant remote access of MySQL database from any IP address Query grants for a table in postgres

Tags

Pixastic Custom-renderer Application-restart Anemic-domain-model Xmlreader Recover Catransition Entry-point Sharethis Esent Sbt Css-hack Google-app-engine Pbmplus Eval Webistrano Idispatchmessageinspector Uclinux Automated-deployment Xserver Port-number Tag-soup Gfs Section508 Custom-lists Opencalais Ieaddon Object-model Dynamic-content Sitemap Filewriter Fall-through Coalesce Debuggerdisplay Page-replacement Wpftoolkit Trx Using-declaration Verify Maemo Htdocs E-notices Redmine Catch-all Ldap-query Head Email-processing Dom-events Jazz Qa Common-lisp Trayicon Code-coverage Simplejson Alphabet Systemtap Big-ip Authlogic-oid Android-progressbar Installshield Ticket-system Multibyte-functions Star-schema Multivalue-database Lsa Logfile Xinput Codepoint Email-threading Configuration-files Depth-buffer Loopback-address Captions Picking Dcom Async-await Uipagecontrol Rss-reader Flot Language-specifications Playback Audio Sms-gateway Sql-cte Uibutton Domdocument Radrails Internet-explorer-6 Constraintexception Add-type Mixed-code Line-endings Pardiso Gearman Webhttp File-generation Registry-virtualization Compiler-as-a-service Rowtype Underflow