| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Dave Held" <dave(dot)held(at)arraysg(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Irrevocable privileges |
| Date: | 2005-05-10 23:10:33 |
| Message-ID: | 27892.1115766633@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
"Dave Held" <dave(dot)held(at)arraysg(dot)com> writes:
> I think it's silly that any privileges that an owner grants to himself =
> are essentially irrevocable.
Say again? An owner can certainly revoke his own ordinary privileges.
> Consider:
> User joe creates table foo
> User joe grants permission rw to himself on foo
> User joe decides that user bob should really be the owner of foo
> User joe revokes his permissions, alters foo to be owned by bob,=20
> and gives bob rw privilege
> User joe is annoyed to find out that his privileges are in a state of =
> limbo
Please define "state of limbo". Also note that if user joe is able to
do "ALTER OWNER" then he must be a superuser, and hence not subject to
access controls in the first place.
I do recall that we recently (probably in 8.0) fixed some issues with
what ALTER OWNER does with existing privileges. What version are you
testing?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Lori | 2005-05-10 23:34:52 | when to modify.. |
| Previous Message | Dave Held | 2005-05-10 22:40:11 | Irrevocable privileges |