Hi
One "gotcha" that crops up from time to time is that it's possible to grant
privileges on objects in a particular schema to a user other than the schema
owner, giving the impression that the user now has those privileges, but if
usage on
the schema itself hasn't been granted, the privileges are of course
ineffective. I think it would be worth highlighting this in the documentation
as this seems easy to overlook; suggested patch attached.
Regards
Ian Barwick
--
Ian Barwick http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml
new file mode 100644
index 0aa0c13..c706374
*** a/doc/src/sgml/ddl.sgml
--- b/doc/src/sgml/ddl.sgml
*************** SELECT 3 OPERATOR(pg_catalog.+) 4;
*** 2108,2113 ****
--- 2108,2121 ----
might need to be granted, as appropriate for the object.
</para>
+ <warning>
+ <para>
+ While it's possible to grant privileges on individual objects
+ within a schema to a user, these privileges will remain ineffective
+ until the <literal>USAGE</literal> privilege on the schema is granted.
+ </para>
+ </warning>
+
<para>
A user can also be allowed to create objects in someone else's
schema. To allow that, the <literal>CREATE</literal> privilege on
--
Sent via pgsql-docs mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs
