The role was created as shown below:

CREATE ROLE <role_name> WITH NOLOGIN NOSUPERUSER INHERIT NOCREATEDB
NOCREATEROLE NOREPLICATION;

On Fri, Mar 17, 2017 at 3:56 PM, HEARNE, TIMOTHY S <th1...@att.com> wrote:

> Did you create the user with SUPERUSER or some other elevated privilege?
> Since you did not include the script for the user, it is hard to determine
> the exact root cause.
>
> If you have any questions, please feel free to contact me.
>
> *Tim Hearne*
> CAST / Flex Force Application DBA
> Principal DBA
>
> Centralized Development
> AT&T Services, Inc.
> e-mail:  timothy.hea...@att.com
> http://intranet.att.com/its/cdtworx/content.cfm/home/
>
> Agile Bronze Certified
>
> AT&T CAST team mailbox:  g01...@att.com
>
> PROPRIETARY INFORMATION
> The Information contained herein is for use only by authorized employees
> of AT&T, and authorized
>
> Affiliates of AT&T, and is not for general distribution within or outside
> the respective companies
>
>
>
> *From:* pgadmin-support-ow...@postgresql.org [mailto:
> pgadmin-support-ow...@postgresql.org] *On Behalf Of *Osahon Oduware
> *Sent:* Friday, March 17, 2017 7:46 AM
> *To:* pgadmin-support@postgresql.org
> *Subject:* [pgadmin-support] QGIS Seem To Bypass PostgreSQL/PostGIS User
> Privileges/Permissions
>
>
>
> Hi All,
>
>
>
> I created a "Read-only" User in PostgreSQL via a Role with "SELECT" ONLY
> privilege on all tables in a schema as shown below:
>
>
>
> GRANT SELECT ON ALL TABLES IN SCHEMA [schema_name] TO [role_name]
>
> GRANT [role_name] TO [user_name]
>
>
>
> Next, I test this by trying to UPDATE a column in a table (same schema as
> above) with pgAdmin/psql and this works fine by giving a response that the
> user has no permission - 'ERROR: permission denied for relation
> <table_name>.'
>
>
>
> Next, I connect with the same user in QGIS and add a layer from the same
> table (same schema as above). I open the attribute table for the layer,
> turn on editing mode (by clicking on the pencil-like icon), and edit the
> same field/column above. To my surprise, the edit was saved successfully
> without any permission error prompt.
>
>
>
> Next, I check the value of the field/column (same table/schema as above)
> in pgAdmin/psql and it is having the new (edited) value from QGIS. This is
> rather strange as it seems QGIS is bypassing the permissions set for the
> same user in the PostgreSQL/PostGIS database.
>
>
>
> I will be glad if someone can help me unravel this mystery.
>

Reply via email to