
Re: partially effective revoke on pg_catalog

From: hubert depesz lubaczewski <depesz(at)depesz(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: partially effective revoke on pg_catalog
Date: 2007-09-10 17:12:13
Lists: pgsql-bugs
On Mon, Sep 10, 2007 at 11:17:21AM -0400, Tom Lane wrote:
> > ok, but i believe it should either not allow admin to do so, or, if it
> > does allow, it should behave more consistently.
> There are few "training wheels" for superuser mode.  Try something like
> "delete from pg_proc" if you are looking for ways to break your
> database.

i'm perfectly fine with "revoke from pg_catalog" not working/not
allowed, but don't you think that the outcome should be a bit more

if it would "break the database" - i'm happy with it.
if it will reject the command as "it is not possible" - i'm happy with

but now postgresql reports to user that revoke worked. and at first
sight it actually does seem like it.
but a second check shows that the revoke is not really 100% effective.

again - i'm in no position to ask to give the ability to revoke the
privileges. all i'm asking is to put some consistency - either break it,
or forbid. but don't say "revoked" when it's not really true.


quicksil1er: "postgres is excellent, but like any DB it requires a
highly paid DBA.  here's my CV!" :) - blog for you (and my CV)
