| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Matthew T(dot) O'Connor" <matthew(at)zeut(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Curious (mis)behavior of access rights |
| Date: | 2001-06-04 23:58:26 |
| Message-ID: | 7630.991699106@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Matthew T. O'Connor" <matthew(at)zeut(dot)net> writes:
>> The only downside of this is that we'd lose the "feature" of being able
>> to revoke from a particular user a right that is available via PUBLIC to
>> everyone else.
> Could we add additional privlideges that explicitly restrict a user?
> Perhaps negative permissions like -x -r etc... This would override group
> and public permissions and could be set via revoke. What does the SQL Spec
> say the behaviour should be when group and user permissions are in conflict?
AFAICS the SQL spec's notion of REVOKE is the same as ours: it removes
a previously granted privilege bit. There is no concept of negative
privilege, and I can't say that I want to add one ...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2001-06-05 01:42:38 | Question about inheritance |
| Previous Message | Bruce Momjian | 2001-06-04 23:25:54 | Re: Re: AW: [HACKERS] Re: Support for %TYPE in CREATE FUNCTION |