Role app
can access database app
. But role app2
can't. I don't see any specific privileges for role app
, and it's not an owner according to \l
:
app2=> \l
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------------+----------+----------+-------------+-------------+--------------------------
app | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres +
| | | | | postgres=CTc/postgres +
| | | | | app=CTc/postgres +
| | | | | app2=CTc/postgres
...
app2=> \dp
Access privileges
Schema | Name | Type | Access privileges | Column access privileges
--------+---------------------------------------------+----------+-------------------+--------------------------
public | access_users | table | |
public | access_users_id_seq | sequence | |
...
app2=> select * from users;
ERROR: permission denied for relation users
Why role app
is able to access database? What can I check?
Best Answer
As it sounds, the tables (not necessary the database) is owned by the
app
user. This is what the documentation tells about this:As nothing is displayed under "Access privileges" in the
\dp
output, and theapp
user can read from and write to the table, it is clear that it's the owner. One can prove this, for example, by issuing\dt access_users
, which should return something likeThis also means (not surprisingly), that no other user (except superusers and the members of the
app
role) has access to the tables. If you wantapp2
to have some rights on them (and future tables), an earlier answer of mine might be interesting.