From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Paul Förster <paul(dot)foerster(at)gmail(dot)com> |
Cc: | Postgres General <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: has_database_privilege is true? |
Date: | 2020-08-23 14:52:19 |
Message-ID: | 20200823145219.GN29590@tamriel.snowman.net |
Lists: | pgsql-general |
Greetings,

* Paul Förster (paul(dot)foerster(at)gmail(dot)com) wrote:
> > On 23. Aug, 2020, at 16:28, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> >
> > The role attribute system (where you see 'cannot login') is largely
> > independent from the GRANT system (which is what has_database_privilege
> > is checking). Both are required for a user to log in.
>
> I see. So I need to
>
> postgres=# revoke all privileges on database "postgres", "db01", "db02" from public;
> REVOKE

If you want has_database_privilege() to return that the user doesn't
have access due to missing GRANT privileges, yes.

An alternative would be to query against pg_roles and check the
'rolcanlogin' privilege/column. Again, a user has to have both in order
to be able to actually log in.

Thanks,
Stephen
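
The two checks described in the message above, combined into one audit query. This is an added example, not part of the original e-mail; the column aliases (`has_connect`, `both_satisfied`) and the filter on `pg_`-prefixed roles are choices made here.

```sql
-- Added example: per role and database, show the role attribute and the
-- GRANT-based privilege side by side, plus whether both are satisfied.
--   rolcanlogin            -> role attribute system (LOGIN / NOLOGIN)
--   has_database_privilege -> GRANT system (CONNECT, held by PUBLIC by default)
SELECT r.rolname,
       d.datname,
       r.rolcanlogin,
       has_database_privilege(r.oid, d.oid, 'CONNECT') AS has_connect,
       r.rolcanlogin
         AND has_database_privilege(r.oid, d.oid, 'CONNECT') AS both_satisfied
FROM pg_roles AS r
CROSS JOIN pg_database AS d
WHERE d.datallowconn            -- skip databases that accept no connections
  AND r.rolname !~ '^pg_'       -- skip built-in predefined roles
ORDER BY r.rolname, d.datname;

-- The case from this thread: roles that cannot log in, yet for which
-- has_database_privilege() still reports CONNECT as true.
SELECT r.rolname, d.datname
FROM pg_roles AS r
CROSS JOIN pg_database AS d
WHERE NOT r.rolcanlogin
  AND d.datallowconn
  AND has_database_privilege(r.oid, d.oid, 'CONNECT')
ORDER BY r.rolname, d.datname;
```

Rows returned by the second query are expected until CONNECT is revoked from PUBLIC on the listed databases, as in the REVOKE quoted above.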