Skip site navigation (1) Skip section navigation (2)

Re: BUG #1150: grant options not properly checked

From: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-bugs(at)postgresql(dot)org, Peter Eisentraut <peter_e(at)gmx(dot)net>
Subject: Re: BUG #1150: grant options not properly checked
Date: 2004-05-12 13:55:20
Message-ID: Pine.LNX.4.58.0405121542330.3857@sablons.cri.ensmp.fr (view raw or flat)
Thread:
Lists: pgsql-bugs
Dear Tom,

> I looked at this more carefully.  In both SQL92 and SQL99, the only
> Access Rule for GRANT is
>
>          1) The applicable privileges shall include a privilege identifying
>             O.
>
> Here "O" is the target object, and "applicable privileges" is all the
> privileges held by the current user.
>
> Now, that says "a privilege", not "the privilege to be granted", nor
> even "a privilege with grant option".

Ok. "identified" privilege seems to be defined in *Syntax* rule 4 and it
includes "with grant option" (section 12.2 <grant privilege statement>).

> As near as I can tell, what the spec wants is that GRANT should raise
> error if the issuing user has no privileges at all for the target
> object, but as long as he has at least one privilege bit, he gets past
> the Access Rule --- whether or not that bit has anything to do with the
> privilege bits to be granted.

Ok, I understand it finally. If it is *empty*, then it is an error, but if
it is not empty, then it proceeds with grantable privileges and warns
about ungrantable ones. What you say above.

> AFAICS the specification for REVOKE is exactly parallel.

Ok, but "identified" means there "those that are currently granted
by A" (12.7 <revoke statement> 9 case a).

> So the existing code is still wrong, but not in quite the way we thought.

Sorry. I sometimes tend to read what I expect instead of what is written
when reading a specs...

> I'd be the first to say that this aspect of the spec is a tad bizarre.

Well, we agree on that;-)

> Does anyone want to argue for ignoring the spec and implementing "saner"
> behavior?  It's not like we are super close to spec compliance for
> privileges otherwise ...

I think that if pg really sticks to the spec as I finally understand it
with your help, it would not be bad. I mean with both error (empty set in
grant or revoke) and warnings (non grantable parts for grant, non granted
parts for revoke).

Thanks for your help,

-- 
Fabien Coelho - coelho(at)cri(dot)ensmp(dot)fr

In response to

pgsql-bugs by date

Next:From: Peter EisentrautDate: 2004-05-12 14:58:04
Subject: Re: BUG #1149: server includes not installed by default
Previous:From: Fabien COELHODate: 2004-05-12 13:41:48
Subject: Re: BUG #1149: server includes not installed by default

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group