| From: | Rafal Pietrak <rafal(at)zorro(dot)isa-geek(dot)com> |
|---|---|
| To: | Scott Marlowe <smarlowe(at)g2switchworks(dot)com> |
| Cc: | pgsql general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: about the RULE system |
| Date: | 2006-12-14 07:04:39 |
| Message-ID: | 1166079879.27564.88.camel@zorro.isa-geek.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, 2006-12-13 at 15:43 -0600, Scott Marlowe wrote:
> On Wed, 2006-12-13 at 15:36, Rafal Pietrak wrote:
> >
> >
> > "REVOKE ALL ON FUNCTION piti() FROM PUBLIC"
> >
> > Doe not seam to have any effect on functions installed as a trigger.
>
> Does your "common user" have the permission to create users?
No (although the one I've initially tested this scenario on, was in a
group that did have that permission).
But this time I've tested this on user "niby":
\du niby
List of roles
Role name | Superuser | Create role | Create DB | Connections | Member
of
-----------+-----------+-------------+-----------+-------------+-----------
niby | no | no | no | no limit |
(1 row)
CREATE TEMP TABLE mini (id int, name text, fix int, emul text);
CREATE TRIGGER adad BEFORE INSERT ON mini FOR EACH ROW EXECUTE
PROCEDURE piti();
INSERT INTO mini (name,emul,id,fix) VALUES
('cz_'||(random()*1000000)::integer,'jasdklad', 130003, 1012 );
INSERT 0 1
----------------------------------------------
where piti() is the function I've described earlier, and did REVOKE ALL
on that function.
*all* the above statements are executed as user "niby". The SCHEMA has:
REVOKE ALL; GRANT USAGE; It *does*not* have "GRANT CREATE".
I hope you can copy the results.
--
-R
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Richard Huxton | 2006-12-14 07:55:06 | Re: a question for the way-back machine |
| Previous Message | Steve Atkins | 2006-12-14 06:27:33 | Re: MySQL drops support for most distributions |