Skip site navigation (1) Skip section navigation (2)

Re: BUG #1150: grant options not properly checked

From: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-bugs(at)postgresql(dot)org, Peter Eisentraut <peter_e(at)gmx(dot)net>
Subject: Re: BUG #1150: grant options not properly checked
Date: 2004-05-11 16:20:34
Message-ID: Pine.LNX.4.58.0405111759500.21629@sablons.cri.ensmp.fr (view raw or flat)
Thread:
Lists: pgsql-bugs
Dear Tom,

> section 11.37 <revoke statement> says
>
>          8) For every combination of <grantee> and <action> on O specified
>             in <privileges>, if there is no corresponding privilege de-
>             scriptor in the set of identified privilege descriptors, then a
>             completion condition is raised: warning-privilege not revoked.
>
>          9) If ALL PRIVILEGES was specified, then for each <grantee>, if
>             no privilege descriptors were identified, then a completion
>             condition is raised: warning-privilege not revoked.

This is exactly "General Rule 17 a) and b)" in SQL99/2003.


> which seems parallel to the GRANT case: warning, but no error.

I do not understand it that way.

(1) I think that the "General Rules" apply ONLY IF the "Access Rules" are
    already fulfilled, that is I MUST have the grant option of the rights
    before going there?!

(2) thus what I understand from the above extract is that if I revoke a
    right that was not granted before, then I must issue a warning. Fine.

    This is different from trying to revoke a right without having the
    grant option, what is still an error because it should violate access
    rules, IMHO.

However I think that the above warning would is useful, because it tells
you that something maybe get wrong in a REVOKE.

Only the empty case (GRANT ALL... although I have nothing grantable)
would "only" result in a warning, as It does not violates the access
rules directly, so the general rules would apply on an empty set.

-- 
Fabien Coelho - coelho(at)cri(dot)ensmp(dot)fr

In response to

Responses

pgsql-bugs by date

Next:From: Tom LaneDate: 2004-05-11 19:32:04
Subject: Re: BUG #1150: grant options not properly checked
Previous:From: Tom LaneDate: 2004-05-11 15:57:46
Subject: Re: BUG #1150: grant options not properly checked

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group