Hi,
I came across a situation which revealed that getTablePrivileges is not
returning any grants if a table is owned by a group role, i.e. a role wihout
login attribute. The connection is opened with superuser priviliges.
This code runs with the latest 8.4 driver (702) agains a 8.4.8 database.
public static void listprivs() throws SQLException{
ResultSet rs = con.getMetaData().getTablePrivileges(null, "public", "test");
int i = 0;
while (rs.next())
{
System.out.print("grantee: " + rs.getString("GRANTEE"));
System.out.println(", privilege: " + rs.getString("PRIVILEGE"));
i++;
}
System.out.println("Total: " + i);
}
public static void main(String[] args) throws ClassNotFoundException,
SQLException {
Class.forName("org.postgresql.Driver");
con = DriverManager.getConnection("jdbc:postgresql://localhost/test",
"user", "****");
con.setAutoCommit(true);
Statement stmt = con.createStatement();
stmt.executeUpdate("create table test (a int)");
stmt.executeUpdate("create role test_group");
stmt.executeUpdate("alter table test owner to test_group");
System.out.println("Initial case");
listprivs();
stmt.executeUpdate("alter role test_group login");
System.out.println("login attribute set");
listprivs();
stmt.executeUpdate("drop table test");
stmt.executeUpdate("drop role test_group");
}
}
Output:
Initial case
Total: 0
Group with login
grantee: test_group, privilege: DELETE
grantee: test_group, privilege: INSERT
grantee: test_group, privilege: REFERENCES
grantee: test_group, privilege: RULE
grantee: test_group, privilege: SELECT
grantee: test_group, privilege: TRIGGER
grantee: test_group, privilege: UPDATE
Total: 7
To my understanding, the result should be the same in both cases. The result is
the same even if there are explicit grants on the table to some other role.
Regards,
Jonas Sundman