Home/ Questions/Q 8024089
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T22:45:37+00:00

I have a common user, mygs_user , across three databases: mydatamodel , mygs ,

  • 0

I have a common user, mygs_user, across three databases: mydatamodel, mygs, and Newdatabase (names changed to protect the innocent).

I’ve ‘inherited’ the first two databases, and have created a third (Newdatabase), whose security must closely replicate the original two–including using the same user-name and role.

The problem is while the two original databases do not have explicit privileges, the common user, mygs_user, can access them just fine. The third (Newdatabase) does not allow access unless I modify the common user to be a super-user, which obviously is not a best-practice.

Of course, I’ve tried setting the security settings of my NewDB to settings of the original ones with no dice.

Here are the two original databases:

mydatamodel

CREATE DATABASE mydatamodel
  WITH OWNER = postgres
       ENCODING = 'UTF8'
       TABLESPACE = datamodel_tablespace
       LC_COLLATE = 'English, United States'
       LC_CTYPE = 'English, United States'
       CONNECTION LIMIT = -1;

mygs

CREATE DATABASE mygs
  WITH OWNER = postgres
       ENCODING = 'UTF8'
       TABLESPACE = mygs_tablespace
       LC_COLLATE = 'English, United States'
       LC_CTYPE = 'English, United States'
       CONNECTION LIMIT = -1;

…and here is the new database:

CREATE DATABASE "NewDatabase"
  WITH OWNER = postgres
       ENCODING = 'UTF8'
       TABLESPACE = pg_default
       LC_COLLATE = 'English, United States'
       LC_CTYPE = 'English, United States'
       CONNECTION LIMIT = -1;
GRANT CONNECT, TEMPORARY ON DATABASE "NewDatabase" TO public;
GRANT ALL ON DATABASE "NewDatabase" TO postgres;
GRANT ALL ON DATABASE "NewDatabase" TO mygs_user;

The two original occupy separate tablespaces, while the new one doesn’t:

CREATE TABLESPACE mygs_tablespace
  OWNER postgres
  LOCATION 'c:/MYGS_Database/PostgreSQL';



CREATE TABLESPACE datamodel_tablespace
  OWNER postgres
  LOCATION 'c:/MYGS_Database/MyDataModel';

This is the the commmon user:

CREATE ROLE mygs_user LOGIN
  SUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE;
GRANT "MYGS" TO mygs_user;

…and the common role:

CREATE ROLE "MYGS"
  NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;

Here are the pg_hba.conf file contents:

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
# IPv4 local connections:
host    all         all         127.0.0.1/32            md5

How can I grant access to the common user for the third database without granting superuser privileges?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Upon further inspection, the privileges were set to authorize the the “MYGS” role at the object-level, with no explicit privileges at the database level. The problem is resolved by the following code, for each object-type:

    Tables:

    ALTER TABLE tableNameHere OWNER TO postgres;
GRANT ALL ON TABLE dtm_tableNameHereTO postgres;
GRANT SELECT, UPDATE, INSERT, DELETE ON TABLE tableNameHere TO "MYGS";

    …functions:

    ALTER FUNCTION functionNameHere(..) OWNER TO postgres;
GRANT EXECUTE ON FUNCTION functionNameHere(..) TO postgres;
GRANT EXECUTE ON FUNCTION functionNameHere(..) TO "MYGS";

    …and sequences:

    ALTER TABLE sequenceNameHere OWNER TO postgres;
GRANT ALL ON TABLE sequenceNameHere TO postgres;
GRANT SELECT, UPDATE ON TABLE sequenceNameHere TO "MYGS";

    Although, the postgres user is not necessary for the solution to work.

    • 0