Issues with privileges carrying over after alter table owner
| От | Jorge Torralba |
|---|---|
| Тема | Issues with privileges carrying over after alter table owner |
| Дата | |
| Msg-id | CACut7uQj7fB-pSjbtwb1DBcakUG5VOtmcPeeOf-87MbyLdkKFg@mail.gmail.com обсуждение исходный текст |
| Ответы |
Re: Issues with privileges carrying over after alter table owner
(Joe Conway <mail@joeconway.com>)
|
| Список | pgsql-admin |
we have added some default users to the template1 db so we can grant ro and rw privs as needed per owner.
For example
If I create table "yyy" as a special user with a set of privileges, the grantee and gantor data from thopse privs are there.
jorge_dev=# select * from information_schema.table_privileges where table_name = 'yyy';
grantor | grantee | table_catalog | table_schema | table_name | privilege_type | is_grantable | with_hierarchy
-----------+------------+---------------+--------------+------------+----------------+--------------+----------------
migration | read_write | jorge_dev | public | yyy | INSERT | NO | NO
migration | read_write | jorge_dev | public | yyy | SELECT | NO | YES
migration | read_write | jorge_dev | public | yyy | UPDATE | NO | NO
migration | read_write | jorge_dev | public | yyy | DELETE | NO | NO
migration | read_only | jorge_dev | public | yyy | SELECT | NO | YES
migration | migration | jorge_dev | public | yyy | INSERT | YES | NO
migration | migration | jorge_dev | public | yyy | SELECT | YES | YES
migration | migration | jorge_dev | public | yyy | UPDATE | YES | NO
migration | migration | jorge_dev | public | yyy | DELETE | YES | NO
migration | migration | jorge_dev | public | yyy | TRUNCATE | YES | NO
migration | migration | jorge_dev | public | yyy | REFERENCES | YES | NO
migration | migration | jorge_dev | public | yyy | TRIGGER | YES | NO
(12 rows)
jorge_dev=#
If I create table 'xxx' as a different user, then alter the table owner the grantor and grantee information is not carried over.
For example, this is a table created under a different user than altered to owner migration
jorge_dev=# select * from information_schema.table_privileges where table_name = 'xxx';
grantor | grantee | table_catalog | table_schema | table_name | privilege_type | is_grantable | with_hierarchy
-----------+-----------+---------------+--------------+------------+----------------+--------------+----------------
migration | migration | jorge_dev | public | xxx | INSERT | YES | NO
migration | migration | jorge_dev | public | xxx | SELECT | YES | YES
migration | migration | jorge_dev | public | xxx | UPDATE | YES | NO
migration | migration | jorge_dev | public | xxx | DELETE | YES | NO
migration | migration | jorge_dev | public | xxx | TRUNCATE | YES | NO
migration | migration | jorge_dev | public | xxx | REFERENCES | YES | NO
migration | migration | jorge_dev | public | xxx | TRIGGER | YES | NO
(7 rows)
How can we get all the privileges and grants inherited when a table owner is altered ?
--
Thanks,
Jorge Torralba
----------------------------
Note: This communication may contain privileged or other confidential information. If you are not the intended recipient, please do not print, copy, retransmit, disseminate or otherwise use the information. Please indicate to the sender that you have received this email in error and delete the copy you received. Thank You.
Jorge Torralba
----------------------------
Note: This communication may contain privileged or other confidential information. If you are not the intended recipient, please do not print, copy, retransmit, disseminate or otherwise use the information. Please indicate to the sender that you have received this email in error and delete the copy you received. Thank You.
В списке pgsql-admin по дате отправления:
Предыдущее
От: Rui DeSousaДата:
Сообщение: Re: admin control over cancelling autovacuum when blocked by a lock