Hello Everyone. I am having issues with privilege inheritance to a login role through a group role.
These are the steps I am performing: 1. data: stcities belongs to user gdb, it resides in the gdb schema 2. map user is a login role: CREATE ROLE map LOGIN ENCRYPTED PASSWORD 'md59ec9dda576db2a36c42c1c3af155d07c' NOSUPERUSER NOINHERIT CREATEDB NOCREATEROLE; 1. editor role is created, and privileges to the data are granted to it: CREATE ROLE editor NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE; GRANT select on gdb.stcities TO editor; 1. user map is made a member of the editor role: GRANT editor TO map; Now, theoretically, I am expecting the map role to be able to inherit the select privileges via the editor group role to the gdb.stcities data. But that is not the case, when I make a connection to pgAdminIII as the map user, I receive the following message: An error has occurred: Error: permission denied for relation stcities So, map is not inheriting the privs from the role. -editor group has privs on the data: gdb=arwdxt/gdb,editor=r/gdb -Selecting from pg_auth_members tells me that role map is part of group editor So, why is map not inheriting the privs granted to the editor role? Am I missing a step? Thanks in advance, Sincerely, Kasia
