Re: Irrevocable privileges
| От | Tom Lane |
|---|---|
| Тема | Re: Irrevocable privileges |
| Дата | |
| Msg-id | 27892.1115766633@sss.pgh.pa.us обсуждение |
| Ответ на | Irrevocable privileges ("Dave Held" <dave.held@arraysg.com>) |
| Список | pgsql-admin |
"Dave Held" <dave.held@arraysg.com> writes:
> I think it's silly that any privileges that an owner grants to himself =
> are essentially irrevocable.
Say again? An owner can certainly revoke his own ordinary privileges.
> Consider:
> User joe creates table foo
> User joe grants permission rw to himself on foo
> User joe decides that user bob should really be the owner of foo
> User joe revokes his permissions, alters foo to be owned by bob,=20
> and gives bob rw privilege
> User joe is annoyed to find out that his privileges are in a state of =
> limbo
Please define "state of limbo". Also note that if user joe is able to
do "ALTER OWNER" then he must be a superuser, and hence not subject to
access controls in the first place.
I do recall that we recently (probably in 8.0) fixed some issues with
what ALTER OWNER does with existing privileges. What version are you
testing?
regards, tom lane
В списке pgsql-admin по дате отправления: