ACL's

From: jwieck(at)debis(dot)com (Jan Wieck)
To: pgsql-hackers(at)postgreSQL(dot)org (PostgreSQL HACKERS)
Subject: ACL's
Date: 1998-10-21 16:13:50
Message-ID: m0zW0tT-000EBPC@orion.SAPserv.Hamburg.dsh.de
Lists: pgsql-hackers

Hi,

while writing the chapter about Rules and permissions I
remember that there was a problem with non-privileged users.
As soon as someone without superuser privs does a GRANT or
REVOKE on his relations, he must GRANT explicitly to himself
too or will get a "permission denied". I think since the
table owner always has the right to change ACL's, this
doesn't make sense. I'll dig it up and send in a patch soon.

While doing this, should I exclude RULE permission from GRANT
ALL? I think it's dangerous to have it included, because the
usual way to give full access is a GRANT ALL and someone
might forget that this includes the right to disable rule
actions for a moment. The output of pg_rules gives anyone the
knowledge to reinstall the correct rules after. An explicitly
required GRANT RULE is better IMHO. And the RULE right isn't
standard, is it?

Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#======================================== jwieck(at)debis(dot)com (Jan Wieck) #
