| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Bruno Wolff III <bruno(at)wolff(dot)to>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [PATCHES] Users/Groups -> Roles |
| Date: | 2005-06-28 20:37:54 |
| Message-ID: | 20050628203754.GQ24207@ns.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
* Bruno Wolff III (bruno(at)wolff(dot)to) wrote:
> Thinking about it some more, drops wouldn't be an issue since the owner
> can always drop objects.
Right.
> Creating objects in particular schemas or databases is not something that
> all roles may be able to do.
Yeah, I'm not entirely sure what I think about this issue. If you're
not allowed to change ownership of objects and SET ROLE drops your
regular ROLE's privileges then the role which owns the object originally
(and which you're required to be in) must have had create access to that
schema at some point.
I can see requiring the role that's changing the ownership to have
create access to the schema in which the object that's being changed is
in.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2005-06-28 20:43:17 | Re: [HACKERS] Proposed TODO: --encoding option for pg_dump |
| Previous Message | Alvaro Herrera | 2005-06-28 20:33:16 | Re: [HACKERS] Proposed TODO: --encoding option for pg_dump |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2005-06-28 20:43:17 | Re: [HACKERS] Proposed TODO: --encoding option for pg_dump |
| Previous Message | Alvaro Herrera | 2005-06-28 20:33:16 | Re: [HACKERS] Proposed TODO: --encoding option for pg_dump |