Skip site navigation (1) Skip section navigation (2)

Re: Users + Groups = Roles, duplicate name issue

From: "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
To: ljb <ljb220(at)mindspring(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Users + Groups = Roles, duplicate name issue
Date: 2005-12-21 20:31:23
Message-ID: 20051221203123.GG72143@pervasive.com (view raw or flat)
Thread:
Lists: pgsql-admin
Which version of pg_dump did you use to dump the old database? The
recommended procedure is to use the newer version of pg_dump (ie:
pg_dump from 8.1.1) to dump the old database. It's possible that the
newer version of pg_dump has facilities in place to deal with this.
Those facilities would obviously be missing from older versions.

On Wed, Dec 21, 2005 at 01:42:14AM +0000, ljb wrote:
> I loaded a 7.4.x dump into a new 8.1.1 database and found out what happens
> if you had the same name as both a user and a group. You can get users with
> more rights than they had before.  I guess it is too late, but perhaps a
> mention in the release text would have been a good idea. Advise people to
> rename any group which has the same name as a user.
> 
> For example, if at 7.4.x I have:
>   Group:    Is granted all rights to table:
>     test      test_data
>     acct      money_data
> 
>   Username:   Member of group:   And therefore gets all rights to table:
>     ljb         test               test_data
>     test        acct               money_data
> 
> After loading the dump into 8.1.1, the test user and test group get merged
> into a single role, so the test user gets granted all rights to the test_data
> table. In addition, 'ljb' now effectively is a member of the 'acct' group
> (via the test role), so is granted all rights to the money_data table.
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
>        subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
>        message can get through to the mailing list cleanly
> 

-- 
Jim C. Nasby, Sr. Engineering Consultant      jnasby(at)pervasive(dot)com
Pervasive Software      http://pervasive.com    work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf       cell: 512-569-9461

In response to

Responses

pgsql-admin by date

Next:From: Jim C. NasbyDate: 2005-12-21 21:25:25
Subject: Re: Help Me !
Previous:From: Scott MarloweDate: 2005-12-21 20:11:18
Subject: Re: Help Me !

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group