public inbox for pgsql-performance@postgresql.org
help / color / mirror / Atom feedFrom: Tom Lane <tgl@sss.pgh.pa.us>
To: David G. Johnston <david.g.johnston@gmail.com>
Cc: ikramuddin <ikram.amani815@gmail.com>
Cc: pgsql-performance@lists.postgresql.org
Subject: Re: how to switch user in postgres
Date: Sat, 11 Apr 2026 15:29:06 -0400
Message-ID: <37590.1775935746@sss.pgh.pa.us> (raw)
In-Reply-To: <CAKFQuwaFHzyqZTPsiQRWyucy0jov9MpbvtcMGSyTE6nsBySLPQ@mail.gmail.com>
References: <CAL9MbytWDzHYHPo31AeR=-ZcCKfQr8uXQitFNe0nehAvLze7PA@mail.gmail.com>
<CAKFQuwaFHzyqZTPsiQRWyucy0jov9MpbvtcMGSyTE6nsBySLPQ@mail.gmail.com>
"David G. Johnston" <david.g.johnston@gmail.com> writes:
> This seems quite misplaced on the -performance mailing list.
Indeed.
> On Sat, Apr 11, 2026 at 10:55 AM ikramuddin <ikram.amani815@gmail.com>
> wrote:
>> plz guide it is a bug or this behavious left intentionally.
> Intentional, every object has its own permissions that are granted to roles
> independently of others.
Also, "REVOKE CONNECT ON DATABASE finance FROM simon" is probably a
no-op, because nobody ever did "GRANT CONNECT ON DATABASE finance TO
simon". Rather, the reason simon can connect is that there's a
default "GRANT CONNECT ... TO public". If you want to restrict
CONNECT privileges, you have to revoke that and then hand out
the privilege selectively to users that should have it.
regards, tom lane
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: pgsql-performance@postgresql.org
Cc: tgl@sss.pgh.pa.us, david.g.johnston@gmail.com, ikram.amani815@gmail.com, pgsql-performance@lists.postgresql.org
Subject: Re: how to switch user in postgres
In-Reply-To: <37590.1775935746@sss.pgh.pa.us>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox