| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Konstantin Knizhnik <knizhnik(at)garret(dot)ru> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Peter Eisentraut <peter(at)eisentraut(dot)org> |
| Subject: | Re: Mystery with REVOKE PRIVILEGE |
| Date: | 2026-01-20 21:32:31 |
| Message-ID: | 1757365.1768944751@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Konstantin Knizhnik <knizhnik(at)garret(dot)ru> writes:
>> The problem really seems to be in `select_best_grantor` - it choose
>> "wrong" grantor.
>> It seems to be the bug because as a result of this operation no
>> privilege is revoked at all (because then `merge_acl_with_grant` found
>> no match).
>> I wonder if `select_best_grantor` should always prefer exact match?
> I mean something like this (see attached patch).
I don't think "let's make select_best_grantor even more magic"
is the right approach. IMO, if there is a GRANTED BY clause,
we should use exactly that grantor and not apply select_best_grantor
at all. This is, for example, certainly the behavior needed for
pg_dump.
If I'm reading the SQL spec correctly, it only allows "GRANTED BY
CURRENT_ROLE" and "GRANTED BY CURRENT_USER", so we're already
extending the spec by accepting "GRANTED BY somebody". But it's
really hard to find any justification for select_best_grantor in
the spec. I think we ought to redefine that as a legacy behavior
we use in the absence of any explicit GRANTED BY clause.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nathan Bossart | 2026-01-20 22:04:25 | Re: Mystery with REVOKE PRIVILEGE |
| Previous Message | Lukas Fittl | 2026-01-20 21:27:05 | Re: pg_stat_statements: Fix nested tracking for implicitly closed cursors |