Skip site navigation (1) Skip section navigation (2)

Re: Curious case of the unstoppable user

From: Raymond O'Donnell <rod(at)iol(dot)ie>
To: Thom Brown <thom(at)linux(dot)com>
Cc: PGSQL Mailing List <pgsql-general(at)postgresql(dot)org>
Subject: Re: Curious case of the unstoppable user
Date: 2011-03-29 20:06:52
Message-ID: 4D923BDC.3050908@iol.ie (view raw or flat)
Thread:
Lists: pgsql-general
On 29/03/2011 19:44, Thom Brown wrote:
> Hi all,
>
> I've just set up a test user, revoked all access from them to a
> database, then tried to connect to that database and it let me in.
> When I try it all from scratch, it works correctly.
>
> Here's the set running correctly:
>
> postgres=# CREATE DATABASE testdb;
> CREATE DATABASE
> postgres=# CREATE ROLE testrole;
> CREATE ROLE
> postgres=# REVOKE ALL ON DATABASE testdb FROM testrole CASCADE;
> REVOKE
> postgres=# \c testdb testrole
> FATAL:  role "testrole" is not permitted to log in
> Previous connection kept
>
> But now if I try something similar with an existing user and existing
> database, it doesn't work:
>
> postgres=# REVOKE ALL ON DATABASE stuff FROM meow CASCADE;
> REVOKE
> postgres=# \c stuff meow
> You are now connected to database "stuff" as user "meow".
>
> So, I'm overlooking something.  Could someone tell me what it is?  I
> bet it's something obvious.  I'm using 9.1dev if it's relevant.


Does the "public" role still have privileges on the database?

Ray.

-- 
Raymond O'Donnell :: Galway :: Ireland
rod(at)iol(dot)ie

In response to

Responses

pgsql-general by date

Next:From: Steve CrawfordDate: 2011-03-29 20:12:52
Subject: Re: Curious case of the unstoppable user
Previous:From: Worgan, Craig (Craig)Date: 2011-03-29 19:13:20
Subject: RPM for ODBC driver

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group