Skip site navigation (1) Skip section navigation (2)

Re: Curious (mis)behavior of access rights

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Matthew T(dot) O'Connor" <matthew(at)zeut(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Curious (mis)behavior of access rights
Date: 2001-06-04 23:58:26
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
"Matthew T. O'Connor" <matthew(at)zeut(dot)net> writes:
>> The only downside of this is that we'd lose the "feature" of being able
>> to revoke from a particular user a right that is available via PUBLIC to
>> everyone else.

> Could we add additional privlideges that explicitly restrict a user?
> Perhaps negative permissions like -x -r etc...  This would override group
> and public permissions and could be set via revoke.  What does the SQL Spec
> say the behaviour should be when group and user permissions are in conflict?

AFAICS the SQL spec's notion of REVOKE is the same as ours: it removes
a previously granted privilege bit.  There is no concept of negative
privilege, and I can't say that I want to add one ...

			regards, tom lane

In response to

pgsql-hackers by date

Next:From: Christopher Kings-LynneDate: 2001-06-05 01:42:38
Subject: Question about inheritance
Previous:From: Bruce MomjianDate: 2001-06-04 23:25:54
Subject: Re: Re: AW: [HACKERS] Re: Support for %TYPE in CREATE FUNCTION

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group