| From: | Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> |
|---|---|
| To: | Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Developers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: ACLs versus ALTER OWNER |
| Date: | 2004-06-02 08:44:31 |
| Message-ID: | 40BD936F.1050502@familyhealth.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> REVOKE ALL ON TABLE foo FROM GRANTOR [USER] alice;
>
> The super user must really be a *super* user.
I think we need a proper 'effective user' facility.
At the moment, there's breakage if a super user creates a language, then
drops their superuser privs, then the dump cannot be restored.
All other failure cases also exist. eg if a gumby user creates a table
in a schema, then has his permission to create tables in that schema
revoked. The dump will be broken.
The solution seems to me that we need to have an 'effective_user' SET
option so that the superuser doing the restore can still create tables
owned by the gumby, even though the gumby does not have privileges to do
so.
Chris
| From | Date | Subject | |
|---|---|---|---|
| Next Message | ivan | 2004-06-02 08:52:05 | query INSERT OR REPLACE |
| Previous Message | Fabien COELHO | 2004-06-02 07:19:44 | Re: ACLs versus ALTER OWNER |