| From: | Partyka Robert <bobson(at)saturn(dot)alpha(dot)pl> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re[2]: postgres not use table access permissions ? |
| Date: | 2000-11-03 18:32:55 |
| Message-ID: | Pine.LNX.4.21.0011031928090.22116-100000@saturn.alpha.pl |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> Partyka Robert <bobson(at)saturn(dot)alpha(dot)pl> writes:
> > #create user bobson with password '1' nocreatedb nocreateuser;
> > CREATE
> > #create table a (a int4);
> > CREATE
> > #revoke all on a from public;
> > CHANGE
> > and now from user bobson after conecting to test database:
> > #insert into a values ('1');
> > INSERT 19104 1
>
> > hmmm... looks like bug. Or I miss something?
>
> Oops. Strange though, this looks like it must be a very long-standing
> bug: aclinsert3 thinks it can delete any zero-permissions item from an
> ACL array, whereas aclcheck has a hard-wired assumption that the world
> item is always there. Could we have missed this for this long?
In 6.5.3 I've found other strange thing. When I give user INSERT, UPDATE
permissions such user can do DELETE without DELETE permissions so in fact
if I do
# grant UPDATE, INSERT, SELECT on a to user1;
it was treat as:
# grant UPDATE, INSERT, DELETE, SELECT on a to user1;
Today I want to test it on lastest CVS, but ... you know ;)
regards
Robert 'BoBsoN' Partyka
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tim Uckun | 2000-11-03 18:45:54 | Re: Re: [HACKERS] OSDN Database conference report (long) |
| Previous Message | Tom Lane | 2000-11-03 18:22:51 | Re: postgres not use table access permissions ? |