Skip site navigation (1) Skip section navigation (2)

Users + Groups = Roles, duplicate name issue

From: ljb <ljb220(at)mindspring(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: Users + Groups = Roles, duplicate name issue
Date: 2005-12-21 01:42:14
Message-ID: doabtl$q00$ (view raw, whole thread or download thread mbox)
Lists: pgsql-admin
I loaded a 7.4.x dump into a new 8.1.1 database and found out what happens
if you had the same name as both a user and a group. You can get users with
more rights than they had before.  I guess it is too late, but perhaps a
mention in the release text would have been a good idea. Advise people to
rename any group which has the same name as a user.

For example, if at 7.4.x I have:
  Group:    Is granted all rights to table:
    test      test_data
    acct      money_data

  Username:   Member of group:   And therefore gets all rights to table:
    ljb         test               test_data
    test        acct               money_data

After loading the dump into 8.1.1, the test user and test group get merged
into a single role, so the test user gets granted all rights to the test_data
table. In addition, 'ljb' now effectively is a member of the 'acct' group
(via the test role), so is granted all rights to the money_data table.


pgsql-admin by date

Next:From: Tom LaneDate: 2005-12-21 05:00:10
Subject: Re: cache lookup failed for type
Previous:From: Alvaro HerreraDate: 2005-12-20 17:03:46
Subject: Re: WITH SYSID feature dropped

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group