Versions tested:
7.4devel from cvs and 7.2.x (i'm not sure about x since the test was
done by somebody else).
Description:
When dropping user his rights stay in database creating possible
security breach.
Sample Code:
create table xxx (...);
create user test;
grant select on xxx to test;
select relacl from pg_class where relname=3D'czasy';
drop user test;
select relacl from pg_class where relname=3D'czasy';
right now it's not even possible to revoke this rights:
# revoke all on xxx from test;
ERROR: user "test" does not exist
[[local]:5432] [depesz@depesz]
# revoke all on xxx from 102;=20
ERROR: parser: syntax error at or near "102" at character 24
I belive drop user should automatically drop all user privileges, and
even if not there should be simple syntax to drop all user privileges
from all objects in database (dropping all privileges "by hand" might be
major pain when dealing with > 100 tables with several hundreds of
views, procedures and so on.
depesz
--=20
hubert depesz lubaczewski http://www.depesz.pl/
> wynajm=EA mieszkanie - 60 metr=F3w, 3 pokoje, piast=F3w - od lutego (po =
<
-=3D> remoncie) interesuje ci=EA - napisz: depesz@depesz.pl <=
=3D-