Skip site navigation (1) Skip section navigation (2)

Re[2]: postgres not use table access permissions ?

From: Partyka Robert <bobson(at)saturn(dot)alpha(dot)pl>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re[2]: postgres not use table access permissions ?
Date: 2000-11-03 18:32:55
Message-ID: Pine.LNX.4.21.0011031928090.22116-100000@saturn.alpha.pl (view raw or flat)
Thread:
Lists: pgsql-hackers
> Partyka Robert <bobson(at)saturn(dot)alpha(dot)pl> writes:
> > #create user bobson with password '1' nocreatedb nocreateuser;
> > CREATE
> > #create table a (a int4);
> > CREATE
> > #revoke all on a from public;
> > CHANGE
> > and now from user bobson after conecting to test database:
> > #insert into a values ('1');
> > INSERT 19104 1
> 
> > hmmm... looks like bug. Or I miss something?
> 
> Oops.  Strange though, this looks like it must be a very long-standing
> bug: aclinsert3 thinks it can delete any zero-permissions item from an
> ACL array, whereas aclcheck has a hard-wired assumption that the world
> item is always there.  Could we have missed this for this long?

In 6.5.3 I've found other strange thing. When I give user INSERT, UPDATE
permissions such user can do DELETE without DELETE permissions so in fact
if I do 
# grant UPDATE, INSERT, SELECT on a to user1;
it was treat as:
# grant UPDATE, INSERT, DELETE, SELECT on a to user1;

Today I want to test it on lastest CVS, but ... you know ;)

regards
Robert 'BoBsoN' Partyka


In response to

Responses

pgsql-hackers by date

Next:From: Tim UckunDate: 2000-11-03 18:45:54
Subject: Re: Re: [HACKERS] OSDN Database conference report (long)
Previous:From: Tom LaneDate: 2000-11-03 18:22:51
Subject: Re: postgres not use table access permissions ?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group