| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr> |
| Cc: | pgsql-bugs(at)postgresql(dot)org, Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Subject: | Re: BUG #1150: grant options not properly checked |
| Date: | 2004-05-11 14:54:11 |
| Message-ID: | 9897.1084287251@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr> writes:
> I'm not Peter, but I have an answer anyway: the standard says it should be
> narrowed.
Hmm, and also 12.2 says:
8) For every combination of <grantee> and <action> on O specified
in <privileges>, if there is no corresponding privilege
descriptor in CPD, then a completion condition is raised:
warning - privilege not granted.
9) If ALL PRIVILEGES was specified, then for each grantee G, if
there is no privilege descriptor in CPD specifying grantee G,
then a completion condition is raised: warning - privilege not
granted.
Note that says WARNING, not ERROR. So I guess what we need to do is
narrow the privilege set and issue a warning message.
I think this also bears on the question that was raised before about
whether REVOKE should raise an error if you don't have the right to
revoke the privileges you're listing. We don't, and based on this
I think we shouldn't --- but maybe we should issue a warning.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2004-05-11 15:03:17 | Re: BUG #1151: Initdb fails ... |
| Previous Message | Fabien COELHO | 2004-05-11 14:17:23 | Re: BUG #1150: grant options not properly checked |