Skip site navigation (1) Skip section navigation (2)

Re: Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped)

From: Russell Smith <mr-russ(at)pws(dot)com(dot)au>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jeff Davis <pgsql(at)j-davis(dot)com>, pgsql-bugs(at)postgresql(dot)org, Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped)
Date: 2007-05-15 08:50:22
Message-ID: 4649744E.90605@pws.com.au (view raw or flat)
Thread:
Lists: pgsql-bugspgsql-hackers
Alvaro Herrera wrote:
> Alvaro Herrera wrote:
>
>   
>> 2. decide that the standard is braindead and just omit dumping the
>>    grantor when it's no longer available, but don't remove
>>    pg_auth_members.grantor
>>
>> Which do people feel should be implemented?  I can do whatever we
>> decide; if no one has a strong opinion on the matter, my opinion is we
>> do (2) which is the easiest.
>>     
>
> Here is a patch implementing this idea, vaguely based on Russell's.
>   

I haven't had time to finalize my research about this, but the admin 
option with revoke doesn't appear to work as expected.

Here is my sample SQL for 8.2.4

create table test (x integer);
\z
create role test1 noinherit;
create role test2 noinherit;
grant select on test to test1 with grant option;
grant select on test to test2;
\z test
set role test1;
revoke select on test from test2;
\z test
set role test2;
select * from test;
reset role;
revoke all on test from test2;
revoke all on test from test1;
drop role test2;
drop role test1;
drop table test;
\q


The privilege doesn't appear to be revoked by test1 from test2.  I'm not 
sure if this is related, but I wanted to bring it up in light of the 
options we have for grantor.


In response to

Responses

pgsql-hackers by date

Next:From: Heikki LinnakangasDate: 2007-05-15 09:32:20
Subject: Re: Seq scans roadmap
Previous:From: Dave PageDate: 2007-05-15 07:58:38
Subject: Re: What is happening on buildfarm member baiji?

pgsql-bugs by date

Next:From: Alvaro HerreraDate: 2007-05-15 13:34:29
Subject: Re: Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped)
Previous:From: Brian HirtDate: 2007-05-15 02:32:21
Subject: strange problem with ip6

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group