The Vertica Forum recently got a makeover! Let us know what you think by filling out this short, anonymous survey.
Please take this survey to help us learn more about how you use third party tools. Your input is greatly appreciated!

Schema level SELECT on all new tables

vikasrvikasr
in General Discussion

Hi,

I am trying to work on a scenario , where one user creates tables in a 'schema', and all such tables should be visible to a specific user/role, even if the tables are created in future (after grant SELECT command).

My current flow is as:

USERS: dbadmin, user1, user2
SCHEMA: myschema

dbadmin=> GRANT ALL ON SCHEMA  myschema  to  user1;
dbadmin=> GRANT SELECT  ON  ALL  TABLES  IN  SCHEMA  myschema  TO  user2;

dbadmin=> ALTER  SCHEMA  myschema   DEFAULT   INCLUDE  PRIVILEGES;


--  user1  now   creates  table
user1=> CREATE   TABLE  myschema.table1  (id  INT);

-- can user2 see that table
user2=> SELECT  *  FROM  myschema.table1;
--  Permission Denied for table1

Any ideas on how this can be solved ?
Thanks

Comments

  • Shayon_SanyalShayon_Sanyal
    edited May 2017

    When inherited privileges are enabled on a schema, all privileges granted to the schema are automatically granted to all newly created tables or views in the schema. Note that you still must grant privileges on the schema to a user. Let me know if this is what you're looking for:

    dbadmin=> create user user1;
CREATE USER
dbadmin=> create user user2;
CREATE USER
dbadmin=> create schema myschema DEFAULT INCLUDE PRIVILEGES;
CREATE SCHEMA
dbadmin=> GRANT ALL ON SCHEMA myschema to user1;
GRANT PRIVILEGE
dbadmin=> \x
Expanded display is on.
dbadmin=> select * from grants where object_name = 'myschema';
-[ RECORD 1 ]----------+----------------------------------------------------------------------------
grant_id               | 45035996274153768
grantor_id             | 45035996273704962
grantor                | dbadmin
privileges_description | INSERT*, SELECT*, UPDATE*, DELETE*, REFERENCES*, USAGE*, CREATE*, TRUNCATE*
object_schema          |
object_name            | myschema
object_id              | 45035996274153766
object_type            | SCHEMA
grantee_id             | 45035996273704962
grantee                | dbadmin
-[ RECORD 2 ]----------+----------------------------------------------------------------------------
grant_id               | 45035996274153770
grantor_id             | 45035996273704962
grantor                | dbadmin
privileges_description | USAGE, CREATE
object_schema          |
object_name            | myschema
object_id              | 45035996274153766
object_type            | SCHEMA
grantee_id             | 45035996274153758
grantee                | user1

dbadmin=> grant usage, select on schema myschema to user2;
GRANT PRIVILEGE
dbadmin=> select * from grants where object_name = 'myschema';
-[ RECORD 1 ]----------+----------------------------------------------------------------------------
grant_id               | 45035996274153768
grantor_id             | 45035996273704962
grantor                | dbadmin
privileges_description | INSERT*, SELECT*, UPDATE*, DELETE*, REFERENCES*, USAGE*, CREATE*, TRUNCATE*
object_schema          |
object_name            | myschema
object_id              | 45035996274153766
object_type            | SCHEMA
grantee_id             | 45035996273704962
grantee                | dbadmin
-[ RECORD 2 ]----------+----------------------------------------------------------------------------
grant_id               | 45035996274153770
grantor_id             | 45035996273704962
grantor                | dbadmin
privileges_description | USAGE, CREATE
object_schema          |
object_name            | myschema
object_id              | 45035996274153766
object_type            | SCHEMA
grantee_id             | 45035996274153758
grantee                | user1
-[ RECORD 3 ]----------+----------------------------------------------------------------------------
grant_id               | 45035996274153794
grantor_id             | 45035996273704962
grantor                | dbadmin
privileges_description | SELECT, USAGE
object_schema          |
object_name            | myschema
object_id              | 45035996274153766
object_type            | SCHEMA
grantee_id             | 45035996274153762
grantee                | user2

dbadmin=> \c - user1;
You are now connected as user "user1".
dbadmin=> CREATE   TABLE  myschema.table1  (id  INT);
WARNING 6978:  Table "table1" will include privileges from schema "myschema"
CREATE TABLE
dbadmin=> \c - user2;
You are now connected as user "user2".
dbadmin=> SELECT  *  FROM  myschema.table1;
(No rows)
  • vikasrvikasr

    Thanks @Shayon_Sanyal
    I was trying to use 'grant select on all tables', instead of 'grant select on schema'.
    Works like a charm.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Format
SpoilerCodeQuote
Heading 2Heading 1
Emoji
:):D:(;):/:o:s:p:'(:|B):#:*<3o:)>:)
Url
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file
Home General DiscussionComment As ...