Skip site navigation (1) Skip section navigation (2)

Re: ACLs versus ALTER OWNER

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>
Cc: PostgreSQL Developers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: ACLs versus ALTER OWNER
Date: 2004-06-02 14:37:31
Message-ID: 24160.1086187051@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> writes:
>> The problem here is not with pg_dump; the problem is that dropping
>> privileges doesn't cascade to dropping objects that are dependent on
>> those privileges.  AFAICS the SQL spec requires us to be able to do
>> the latter. 

> The spec really requires that??  So basically we have RESTRICT and 
> CASCADE on REVOKE?

Well, the spec doesn't have create permissions per se, but they do have
a "usage" right on domains, and they specify that revoking that results
in dropping objects:

         7) For every abandoned domain descriptor DO, let S1.DN be the
            <domain name> of DO. The following <drop domain statement> is
            effectively executed without further Access Rule checking:

              DROP DOMAIN S1.DN CASCADE

Similarly, revoking access to tables etc. results in physical changes to
views that reference those tables.  So I think the idea is pretty clear.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2004-06-02 14:44:07
Subject: Re: Nested transactions and tuple header info
Previous:From: Jan WieckDate: 2004-06-02 14:34:56
Subject: Re: sync vs. fsync question

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group