Re: create table permissions bug for 7.3.2

From: Evgeny Duzhakow <diabolo(at)philol(dot)msu(dot)ru>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: create table permissions bug for 7.3.2
Date: 2003-03-13 08:38:14
Message-ID: Pine.LNX.4.20.0303131056050.24659-100000@zeus.philol.msu.ru
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

On Thu, 13 Mar 2003, Tom Lane wrote:

TL>regression=# create user z;
TL>CREATE USER
TL>regression=# create schema s;
TL>CREATE SCHEMA
TL>regression=# \c - z
TL>You are now connected as new user z.
TL>regression=> create table s.t (f1 int);
TL>ERROR: s: permission denied
TL>regression=>
TL>I'm not seeing the problem. Please provide a test case showing that
TL>there's a bug here.
TL>
TL>Your patch is wrong in any case, I think, since CREATE rights on a
TL>database control the right to create schemas, not individual tables
TL>within schemas ...
Ok, i have a database 'testtables' and some user like 'fake' enabled to
connect via pg_hba.conf

--- cut ---
local testtables fake trust
--- cut ---

All my tables in db are created in the schema public (i don't have
opportunity to correct 500 scripts on an insert there concept of
schemas).

testtables=# \d
List of relations
Schema | Name | Type | Owner
--------+--------+-------+---------
public | lalala | table | diabolo

It is necessary for me, that the user fake only could read tables of a
database and create temp tables for his work, but could not create other
objects.

I have grant permissions on testtables

testtables=# select datname,datacl from pg_database where datname='testtables';
datname | datacl
------------+----------------
testtables | {=,diabolo=CT}

Now i grant 'fake' for creating only temp tables on my db;

testtables=# GRANT TEMP ON DATABASE testtables TO fake;
GRANT
testtables=# select datname,datacl from pg_database where datname='testtables';
datname | datacl
------------+-----------------------
testtables | {=,diabolo=CT,fake=T}

Now connect and try to create the table:

testtables=# \c - fake
You are now connected as new user fake.
testtables=> create table qq(i int);
CREATE TABLE
testtables=> \d
List of relations
Schema | Name | Type | Owner
--------+--------+-------+---------
public | lalala | table | diabolo
public | qq | table | fake

But the basic problem that I have public bases in which it is necessary for
me too most. And it bug for me as without an opportunity of work with grants
at a level of base I receive dust in the bases from users.

Diabolo.

P.S. Sorry for my bad english :(

--- ---
System Administrator of Phone: +7-095-939-1478
the Philological Faculty of E-Mail: diabolo(at)philol(dot)msu(dot)ru
Moscow State University. Web: http://www.philol.msu.ru

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Andrew Koshelev 2003-03-13 09:20:11 Optimizer bug in subselect/view
Previous Message Tom Lane 2003-03-13 05:55:30 Re: create table permissions bug for 7.3.2