Re: Privs
| От | Simon Riggs |
|---|---|
| Тема | Re: Privs |
| Дата | |
| Msg-id | 1270221717.5640.7354.camel@ebony обсуждение исходный текст |
| Ответ на | Re: Privs (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Fri, 2010-04-02 at 10:46 -0400, Tom Lane wrote: > Simon Riggs <simon@2ndQuadrant.com> writes: > > 1. DROP OWNED BY does not drop databases owned by the role. Should it? I > > would say not. This causes this strangeness > > > postgres=# drop owned by fred; > > DROP OWNED > > postgres=# drop user fred; > > ERROR: role "fred" cannot be dropped because some objects depend on it > > DETAIL: access to database fred > > Works as expected for me: > > regression=# create user fred; > CREATE ROLE > regression=# create database dd owner = fred; > CREATE DATABASE > regression=# drop owned by fred; > DROP OWNED > regression=# drop user fred; > ERROR: role "fred" cannot be dropped because some objects depend on it > DETAIL: owner of database dd > regression=# Hmmm, I get that also: I can't repeat the error message I got before. Oh well. I'll guess that the message was accurate after all. > > 2. REASSIGN OWNED BY cannot be executed by the role that is being > > reassigned. It throws > > ERROR: permission denied to reassign objects > > > It seems strange that you can GRANT a priv to another user, yet you > > cannot REASSIGN ownership. > > Why do yo think that is strange? Giving away ownership is traditionally > forbidden in most privilege systems. If you don't see why, think about > it from a cracker's perspective. OK I will add a few short words to both command docs to describe the behaviour. -- Simon Riggs www.2ndQuadrant.com
В списке pgsql-hackers по дате отправления: