| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Rod Taylor <rbt(at)rbt(dot)ca> |
| Cc: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>, Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Subject: | Re: pg_dump and REVOKE on function |
| Date: | 2003-08-12 21:15:52 |
| Message-ID: | 16611.1060722952@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Rod Taylor <rbt(at)rbt(dot)ca> writes:
> r=# REVOKE ALL ON FUNCTION weekdate (date) FROM PUBLIC;
> REVOKE
> r=# GRANT ALL ON FUNCTION weekdate (date) TO PUBLIC;
> GRANT
> r=# REVOKE ALL ON FUNCTION weekdate (date) FROM rbt;
> ERROR: dependent privileges exist
> HINT: Use CASCADE to revoke them too.
Ugh. We could fix pg_dump to output the commands in a better order,
but that won't help for dumps from existing releases.
Given that rbt is the owner of the object, I'm not sure that it is
sensible to interpret the above as revoking his ability to grant
privileges to others. Seems to me that his ability to GRANT is inherent
in being the owner, and as such his "grant option" bits are irrelevant.
So maybe the commands are okay and the backend's interpretation is
bogus.
Peter, any thoughts?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2003-08-12 22:04:25 | Re: reuse sysids security hole? |
| Previous Message | Tom Lane | 2003-08-12 20:58:08 | Re: Parsing speed (was Re: pgstats_initstats() cost) |