[postgis-users] auto GRANT on new table

Mark Cave-Ayland mark.cave-ayland at siriusit.co.uk
Fri Feb 22 01:51:22 PST 2008

On Friday 22 February 2008 06:58:59 Maciej Sieczka wrote:

Hi Maciej,

> My first post here. Hi All!
> Sorry if the issue was already discussed. I have searched the net and
> your archives for several hours not finding an answer.
> There are 2 role groups in my cluster: "editors" and "viewers". In each
> group there are several users.
> In the DB, "editors" are allowed to create new tables in one schema. My
> problem is that only the very user who created the table is allowed to
> edit it. I'd like to enable other "editors" to edit the table too,
> without having to manually GRANT rights every time a new table is created.
> What should I do to automatically grant SELECT, INSERT, UPDATE, DELETE,
> REFERENCES on a table for all "editors", and SELECT for all "viewers",
> automatically when the table is created?

What do the permissions look like when the table has been created? I suspect 
that you may need to issue an explicit "SET ROLE" statement for editors just 
after you connect to the database. See 
http://www.postgresql.org/docs/8.2/interactive/sql-set-role.html for more 

>  From reading so far I suppose I could create a function which calls an
> appropriate GRANT, and trigger it when a new record is added to
> "pg_tables". Is that a way to go? Is there an easier one?
> An extra, but desired functionality, would be if I could also prevent
> other "editors" from modifying the data *if* it is being currently being
> edited by some user. Is that feasible at all?

If you're using a new version of PostgreSQL as you are, the best way to go is 
probably advisory locks - see 
for more information.



Mark Cave-Ayland
Sirius Corporation - The Open Source Experts
T: +44 870 608 0063

More information about the postgis-users mailing list