Ashutosh Sharma wrote:
> I noticed that irrespective of whoever grants privileges on an object,
> it's always the object owner who is seen as a grantor in the output of
> table_privileges view.
> Isn't that a wrong information ? If
> incase that isn't wrong then may i know why does the postgresql
> documentation on "table_privilegs" describes grantor as "Name of the
> role that granted the privilege". Here is the documentation link for
> table_privilges view.
>
> https://www.postgresql.org/docs/current/infoschema-table-privileges.html
Currently the grantor of a privilege is the owner if a superuser
grants a privilege on the object.
If that were not so, how would you disambiguate between privileges
granted by a superuser and privileges passed on by somebody
who has been granted the privilege WITH GRANT OPTION?
Or, with an example:
If A grants SELECT to a table WITH GRANT OPTION to B, and
B grants the privilege to C, A cannot directly revoke the
privilege from C. All A can to is revoke the privilege from
B with the CASCADE option.
This distiction would be lost if B could appear as grantor
just because he has been superuser at some time in the past
(and doesn't hold the privilege himself).
So I'd say the behavior is fine as it is, but it would not harm to
document it better (or at all).
Yours,
Laurenz Albe