On 07/17/2018 12:12 AM, Tom Lane wrote:
> Tomas Vondra <tomas.vondra@2ndquadrant.com> writes:
>> On 07/16/2018 04:55 PM, PG Bug reporting form wrote:
>>> Here are the two scenarios I tested:
>>> 1) as a session_user: superuser and current_user: non-superuser I can edit
>>> others' tables
>>> 2) as a session_user: non-superuser and current_user: superuser I cannot
>>> edit others' tables
>
>> It's usually a good idea to provide exact scripts / output so that
>> people can reproduce the issue easily. For me it behaves like this:
>> ...
>> So, correct in both cases. I'm not on Windows, but I don't see why would
>> it behave differently there.
>
> Tomas' test left out the "GRANT user0 to user1" bit, but I can't
> reproduce the behavior as described either.
>
Ah, right. Sorry for not mentioning that.
I've actually tried both with and without that GRANT (no effect on
behavior), but I've assumed it's there only to allow the `SET user0`
which I've replaced by connecting directly as user0. So I haven't
included it into the response.
regards
--
Tomas Vondra http://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services