Warm tip: This article is reproduced from stackoverflow.com, please click
postgresql

Owner of postgresql database

发布于 2020-03-27 15:40:25

I'm just a Postgresql novice so excuse the ignorance, does the owner of a postgresql database automatically have all privileges to the database including all new tables, sequences etc created?

So if my application is using the a postgresql database user called app-user (and is the owner), does that mean I could do anything in that database despite the app-user only has read permission on public schema?

What I'm trying to get at, is I want one database user that has full privileges to a single database and not having to worry about any future tables being created etc.

Postgresql privileges is little confusing to me compared to MySQL.

Thanks

Questioner
hitman222
Viewed
77
分享
Laurenz Albe 2020-01-31 16:13

PostgreSQL privileges are very logical once you get the basic idea.

Each objects carries its own access control list (ACL) that governs who has what privileges on it.

Each object has an owner, which is the user that created it. The owner has all privileges by default, and all other roles have no privileges (there are many exception to this latter rule, for example databases or functions). Only the owner can ALTER or DROP an object.

If an object can contain other objects (like a database can contain schemas or subscriptions, or a schema can contain tables), you need the CREATE privilege on that object to create objects in it.

So let's put that together:

  • If you start with an empty database, all the user needs is the CREATE privilege on the database (which would be included in ownership). Then he can create schemas in that database. Since he is then the owner of these schemas, he has the CREATE privilege and can create objects in it.

  • If the database you start with is not empty, then you additionally have to grant that user privileges on the existing objects (or change the ownership of these objects). Being the owner of a database does not imply being the owner of all objects in the database.

To answer your specific question, if app-user owns the database, but has no CREATE privilege on schema public, app-user will be able to create new schemas in the database and create objects in these schemas, but will not be able to create objects in public.

Related issues

1
Query is possibly slow?
2
Getting empty rows from "SELECT ALL" query in PostgreSQL
3
Implement smart search by text field in database
4
Is it posible to use queried column_name in INSERT INTO statement?
5
What is the different between replica and db instance in Aurora Postgresql?
6
Entity Framework Core Many to Many change navigation property names
7
Django
8
How can i use longitude and latitude with typeorm and postgres
9
Keeping annotated rank when filtering Django
10
Liquibase validation fails when UNIQUE constraint