Hierarchical access control

Creating PostgreSQL Databases

Darryl Reeves

Industry Assistant Professor, New York University

Access control with schemas

CREATE SCHEMA me;

CREATE SCHEMA spouse;

CREATE TABLE me.account (...);

CREATE TABLE spouse.account (...);

CREATE USER better_half WITH PASSWORD 'changeme';

GRANT USAGE ON SCHEMA spouse TO better_half;

GRANT USAGE ON SCHEMA public TO better_half;

GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA spouse;

TO better_half;

GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public

TO better_half;

Schema-based access control implemented

CREATE GROUP family;

GRANT USAGE ON SCHEMA public TO family;

GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA

public TO family;

ALTER GROUP family ADD USER fin
ALTER GROUP family ADD USER better_half;

Creating PostgreSQL Databases