Re: BUG #1114: REVOKE done by non-privileged user claims success

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: BUG #1114: REVOKE done by non-privileged user claims success
Дата
Msg-id 18951.1080144860@sss.pgh.pa.us
обсуждение исходный текст
Ответ на BUG #1114: REVOKE done by non-privileged user claims success  ("PostgreSQL Bugs List" <pgsql-bugs@postgresql.org>)
Ответы Re: BUG #1114: REVOKE done by non-privileged user claims success  (Peter Eisentraut <peter_e@gmx.net>)
Список pgsql-bugs
Дерево обсуждения 
"PostgreSQL Bugs List" <pgsql-bugs@postgresql.org> writes:
> When REVOKE is used on an object for which the current user does not have
> GRANT privilege, the operation fails but "REVOKE" is returned as if it had
> succeeded:

Looking at the code, this seems to be intentional, because the privilege
check is not made for revokes only for grants:

        if (stmt->is_grant
            && !pg_class_ownercheck(relOid, GetUserId())
            && pg_class_aclcheck(relOid, GetUserId(),
                                 ACL_GRANT_OPTION_FOR(privileges)) != ACLCHECK_OK)
            aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_CLASS, relvar->relname);

Peter, do you remember why you did it that way?

            regards, tom lane

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: BUG #1113: Default template databases grant CREATE to PUBLIC
Следующее
От: Tom Lane
Дата:
Сообщение: Re: BUG #1113: Default template databases grant CREATE to PUBLIC