PostgreSQL : Accessing tables owned by another user
As a Superuser, I have created two roles in Postgres on the same schema:
read_only_with_create_viewread_write
Then I created two users from each role:
read_only_with_create_view_userread_write
Now any new views created by read_only_with_create_view_user cannot be accessed by read_write_user as the owner for views is different (read_only_with_create_view_user).
So what is the way to access all new views by read_write_user?
I want everything created by one user to be accessible to another user.
Steps I followed:
CREATE ROLE read_only_role WITH
NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL 'infinity';
GRANT CONNECT ON DATABASE mydb to read_only_role;
GRANT USAGE,CREATE ON SCHEMA myschema TO read_only_role;
GRANT SELECT ON ALL TABLES IN SCHEMA myschema TO read_only_role;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA myschema TO read_only_role;
CREATE USER read_only_with_create_view_user
WITH PASSWORD '*****'
in ROLE read_only_role;
-- Now created new views using this role. That means read_only_with_create_view_user is owner of those views.
-- Creating new read-write role.
CREATE ROLE rw_role WITH
NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL 'infinity' IN ROLE read_only_role;
GRANT CONNECT ON DATABASE mydb to rw_role;
GRANT USAGE ON SCHEMA myschema TO crn_rw_role_qa;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA myschema TO rw_role;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA myschema TO rw_role;
CREATE USER read_write_user
WITH PASSWORD '*****'
in role rw_role;
After login with read_write_user, when I try to access new views created by read_only_with_create_view_user, I get this error:
ERROR: permission denied for relation view_name
********** Error **********
ERROR: permission denied for relation view_name
SQL state: 42501
You can set a role as a member of another role:
GRANT read_only_with_create_view_user TO read_write_user;
More info here.
EDIT
It will never work as you expect. See your current user schema:
Role read_write_user will cannot access objects owned by read_only_with_create_view_user simply because both don't have any relationship. To make this works as you expect you can reassign objects ownership to an "upper" level role, in this case: read_only_role (because everybody is a member of this role). But be warned that it will no longer be a read-only role.
You can do one of the following:
--Connected as read_only_with_create_view_user
CREATE VIEW my_view AS SELECT 1;
--Assign ownership to top-level role
ALTER VIEW my_view OWNER TO read_only_role;
Or you may prefer this approach:
--Connected as read_only_with_create_view_user
--Change current user to read_only_role
SET role = read_only_role;
--Create a view...
CREATE VIEW my_view AS SELECT 1;
--Turn back to read_only_with_create_view_user
RESET role;
If you prefer to do all at once you can reassign ownership of objects owned by read_only_with_create_view_user to your top-level role in just one command:
REASSIGN OWNED BY read_only_with_create_view_user TO read_only_role;
Finally, if you don't want to break your read-only rule you can also, of course, give permission directly to the object.
-- As read_only_with_create_view_user, execute the following:
CREATE VIEW my_view_2 AS SELECT 1;
GRANT SELECT ON my_view_2 TO read_write_user
- PGP_Sym_Encrypt not working in hibernate but works when using the manual insert query
- How do I get asynchronous / event-driven LISTEN/NOTIFY support in Java using a Postgres database?
- Supabase Postgis not working. Topology not in search_path | Change supabase search_path
- How to force PostgreSQL to use index on joined table column?
- hibernate - Postgres- target lists can have at most 1664 entries
- ArrayField max size?
- stop postgres logging endlessly empty statements
- docker-compose .env not loading/applied to container
- postgresql unaccent and case insensitive
- Optimize GROUP BY query to retrieve latest row per user
- Easily viewing postgresql and mysql results that are too wide for the terminal
- How to query based on a associated model condition?
- Difference between text and varchar (character varying)
- PostgreSQL adding carriage return(next line) from a long field's value
- updating table rows in postgres using subquery
- Recursive query to figure out record which creates circular dependency
- postgres deadlock_timeout - how does it work exactly
- PostGIS with invalid memory alloc request size ERROR on polygon transform
- Data-modifying statement in WITH clause seems to run twice
- Supabase connection error "server didn't return client encoding"
- How to create group column based on ids and linked ids in PostgreSQL
- PostgreSQL error: column "qty" is of type integer but expression is of type text
- array_agg DISTINCT and ORDER
- What does "INSERT 0 1" mean after executing direct SQL in PostgreSQL?
- Postgres UPDATE table SET jsonb typed column with javascript var not work for remove an array item
- Using Docker container for Odoo version 18 and Postgres 17
- How do I UPDATE a row in a table or INSERT it if it doesn't exist?
- How to find the first partial match node above a child node in an LTREE
- UPDATE statement on table xxx' expected to update 1 row(s); 0 were matched with Zope transactionmanager
- How to connect PGAdmin 4 to Postgres DB residing in Azure Virtual Network