Обсуждение: Reset permissions on table
Hi By default there is no permissions on table (\dp return 0 row) If I make a GRANT, doing a REVOKE will not get me in the 'default' state How to return in the default state, where permission are 'inherited' from owner. Thanks in advance
ZXRpZW5uZSBjaGFtcGV0aWVyIHdyb3RlOg0KPiBCeSBkZWZhdWx0IHRoZXJlIGlzIG5vIHBlcm1p c3Npb25zIG9uIHRhYmxlIChcZHAgcmV0dXJuIDAgcm93KQ0KPiBJZiBJIG1ha2UgYSBHUkFOVCwg ZG9pbmcgYSBSRVZPS0Ugd2lsbCBub3QgZ2V0IG1lIGluIHRoZSAnZGVmYXVsdCcgc3RhdGUNCj4g DQo+IEhvdyB0byByZXR1cm4gaW4gdGhlIGRlZmF1bHQgc3RhdGUsIHdoZXJlIHBlcm1pc3Npb24g YXJlICdpbmhlcml0ZWQnIGZyb20gb3duZXIuDQoNClxkcCBzaG91bGQgcmV0dXJuIGEgcm93IGZv ciBlYWNoIHRhYmxlIGluDQp5b3VyIHNlYXJjaF9wYXRoLg0KDQpJIGFzc3VtZSB0aGF0IHlvdSBh cmUgcmVmZXJyaW5nIHRvIHRoZSBlbXB0eQ0KIkFjY2VzcyBwcml2aWxlZ2VzIiBjb2x1bW4uDQoN CkFmdGVyIGdyYW50aW5nIGFuZCByZXZva2luZyBhIHByaXZpbGVnZSwgdGhlIHZhbHVlDQpzaG93 ZCBiZSAib3duZXI9YXJ3ZER4dC9vd25lciIgKHdoZXJlICJvd25lciIgaXMNCnRoZSB1c2VyIHRo YXQgb3ducyB0aGUgdGFibGUpLg0KDQpUaGlzIGlzIHRoZSBkZWZhdWx0IHZhbHVlOiB0aGUgb3du ZXIgaGFzIGFsbA0KcHJpdmlsZWdlcyBhbmQgbm9ib2R5IGVsc2UgaGFzIGFueS4NCg0KSXQgZG9l cyBub3QgbWF0dGVyIGlmIHRoZSBBQ0wgaXMgbGVmdCBlbXB0eQ0KKGl0IGNvbnRhaW5zIGEgTlVM TCB2YWx1ZSBpbml0aWFsbHkpIG9yIGlmDQppdCBjb250YWlucyB0aGUgZGVmYXVsdCBleHBsaWNp dGx5Lg0KDQpZb3VycywNCkxhdXJlbnogQWxiZQ0KDQoNCg==
----- Mail original ----- > De: "Albe Laurenz" <laurenz.albe@wien.gv.at> > =C3=80: "etienne.champetier@free.fr *EXTERN*" <etienne.champetier@free.fr= >, pgsql-general@postgresql.org > Envoy=C3=A9: Vendredi 15 F=C3=A9vrier 2013 13:25:14 > Objet: RE: [GENERAL] Reset permissions on table >=20 > etienne champetier wrote: > > By default there is no permissions on table (\dp return 0 row) > > If I make a GRANT, doing a REVOKE will not get me in the 'default' > > state > >=20 > > How to return in the default state, where permission are > > 'inherited' from owner. >=20 > \dp should return a row for each table in > your search_path. Sorry, i meant \dp <table-name> and it effectively return 1 row per table (= mistype ...) >=20 > I assume that you are referring to the empty > "Access privileges" column. >=20 > After granting and revoking a privilege, the value > showd be "owner=3DarwdDxt/owner" (where "owner" is > the user that owns the table). >=20 > This is the default value: the owner has all > privileges and nobody else has any. >=20 > It does not matter if the ACL is left empty > (it contains a NULL value initially) or if > it contains the default explicitly. If i do a GRANT and a REVOKE, i loose access to the table. \dp <table-name> return the same thing but before GRANT it's NULL and after= REVOKE it's not. It matter when you want to change owner and you forgot this table where the= re is explicit right. >=20 > Yours, > Laurenz Albe >=20 Thanks for your quick answer
ZXRpZW5uZSBjaGFtcGV0aWVyIHdyb3RlOg0KPj4+IEJ5IGRlZmF1bHQgdGhlcmUgaXMgbm8gcGVy bWlzc2lvbnMgb24gdGFibGUgKFxkcCByZXR1cm4gMCByb3cpDQo+Pj4gSWYgSSBtYWtlIGEgR1JB TlQsIGRvaW5nIGEgUkVWT0tFIHdpbGwgbm90IGdldCBtZSBpbiB0aGUgJ2RlZmF1bHQnDQo+Pj4g c3RhdGUNCj4+Pg0KPj4+IEhvdyB0byByZXR1cm4gaW4gdGhlIGRlZmF1bHQgc3RhdGUsIHdoZXJl IHBlcm1pc3Npb24gYXJlDQo+Pj4gJ2luaGVyaXRlZCcgZnJvbSBvd25lci4NCj4+DQo+PiBcZHAg c2hvdWxkIHJldHVybiBhIHJvdyBmb3IgZWFjaCB0YWJsZSBpbg0KPj4geW91ciBzZWFyY2hfcGF0 aC4NCj4gDQo+IFNvcnJ5LCBpIG1lYW50IFxkcCA8dGFibGUtbmFtZT4gYW5kIGl0IGVmZmVjdGl2 ZWx5IHJldHVybiAxIHJvdyBwZXIgdGFibGUgKG1pc3R5cGUgLi4uKQ0KPiANCj4+IEkgYXNzdW1l IHRoYXQgeW91IGFyZSByZWZlcnJpbmcgdG8gdGhlIGVtcHR5DQo+PiAiQWNjZXNzIHByaXZpbGVn ZXMiIGNvbHVtbi4NCj4+DQo+PiBBZnRlciBncmFudGluZyBhbmQgcmV2b2tpbmcgYSBwcml2aWxl Z2UsIHRoZSB2YWx1ZQ0KPj4gc2hvd2QgYmUgIm93bmVyPWFyd2REeHQvb3duZXIiICh3aGVyZSAi b3duZXIiIGlzDQo+PiB0aGUgdXNlciB0aGF0IG93bnMgdGhlIHRhYmxlKS4NCj4+DQo+PiBUaGlz IGlzIHRoZSBkZWZhdWx0IHZhbHVlOiB0aGUgb3duZXIgaGFzIGFsbA0KPj4gcHJpdmlsZWdlcyBh bmQgbm9ib2R5IGVsc2UgaGFzIGFueS4NCj4+DQo+PiBJdCBkb2VzIG5vdCBtYXR0ZXIgaWYgdGhl IEFDTCBpcyBsZWZ0IGVtcHR5DQo+PiAoaXQgY29udGFpbnMgYSBOVUxMIHZhbHVlIGluaXRpYWxs eSkgb3IgaWYNCj4+IGl0IGNvbnRhaW5zIHRoZSBkZWZhdWx0IGV4cGxpY2l0bHkuDQo+IA0KPiBJ ZiBpIGRvIGEgR1JBTlQgYW5kIGEgUkVWT0tFLCBpIGxvb3NlIGFjY2VzcyB0byB0aGUgdGFibGUu DQo+IFxkcCA8dGFibGUtbmFtZT4gcmV0dXJuIHRoZSBzYW1lIHRoaW5nIGJ1dCBiZWZvcmUgR1JB TlQgaXQncyBOVUxMIGFuZCBhZnRlciBSRVZPS0UgaXQncyBub3QuDQo+IA0KPiBJdCBtYXR0ZXIg d2hlbiB5b3Ugd2FudCB0byBjaGFuZ2Ugb3duZXIgYW5kIHlvdSBmb3Jnb3QgdGhpcyB0YWJsZSB3 aGVyZSB0aGVyZSBpcyBleHBsaWNpdCByaWdodC4NCg0KSSBkb24ndCB1bmRlcnN0YW5kIC0gaXQg c2VlbXMgdG8gd29yayBmb3IgbWU6DQoNCkNSRUFURSBUQUJMRSB0ZXN0KGlkIGludGVnZXIgUFJJ TUFSWSBLRVkpOw0KDQpcZHAgdGVzdA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgQWNjZXNz IHByaXZpbGVnZXMNCiBTY2hlbWEgIHwgTmFtZSB8IFR5cGUgIHwgQWNjZXNzIHByaXZpbGVnZXMg fCBDb2x1bW4gYWNjZXNzIHByaXZpbGVnZXMNCi0tLS0tLS0tLSstLS0tLS0rLS0tLS0tLSstLS0t LS0tLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQogbGF1cmVueiB8IHRl c3QgfCB0YWJsZSB8ICAgICAgICAgICAgICAgICAgIHwNCigxIHJvdykNCg0KUkVWT0tFIFNFTEVD VCBPTiB0ZXN0IEZST00gZ2Vvcmc7DQoNClxkcCB0ZXN0DQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBBY2Nlc3MgcHJpdmlsZWdlcw0KIFNjaGVtYSAgfCBOYW1lIHwgVHlwZSAgfCAgICBB Y2Nlc3MgcHJpdmlsZWdlcyAgICB8IENvbHVtbiBhY2Nlc3MgcHJpdmlsZWdlcw0KLS0tLS0tLS0t Ky0tLS0tLSstLS0tLS0tKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0NCiBsYXVyZW56IHwgdGVzdCB8IHRhYmxlIHwgbGF1cmVuej1hcndkRHh0L2xh dXJlbnogfA0KKDEgcm93KQ0KDQpUaGVzZSBhcmUgdGhlIGRlZmF1bHQgcHJpdmlsZWdlcy4NCg0K QUxURVIgVEFCTEUgdGVzdCBPV05FUiBUTyBnZW9yZzsNCg0KXGRwIHRlc3QNCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICBBY2Nlc3MgcHJpdmlsZWdlcw0KIFNjaGVtYSAgfCBOYW1lIHwgVHlw ZSAgfCAgQWNjZXNzIHByaXZpbGVnZXMgIHwgQ29sdW1uIGFjY2VzcyBwcml2aWxlZ2VzDQotLS0t LS0tLS0rLS0tLS0tKy0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tDQogbGF1cmVueiB8IHRlc3QgfCB0YWJsZSB8IGdlb3JnPWFyd2REeHQvZ2Vv cmcgfA0KKDEgcm93KQ0KDQpUaGUgdGFibGUgc3RpbGwgaGFzIHRoZSBkZWZhdWx0IHByaXZpbGVn ZXMsDQpidXQgbm93IGl0IGJlbG9uZ3MgdG8gImdlb3JnIi4NCg0KTWF5YmUgeW91IGNhbiBpbGx1 c3RyYXRlIHlvdXIgcHJvYmxlbSB3aXRoIGFuIGV4YW1wbGUuDQoNCllvdXJzLA0KTGF1cmVueiBB bGJlDQo=
On 02/15/2013 05:02 AM, etienne.champetier@free.fr wrote: > > > If i do a GRANT and a REVOKE, i loose access to the table. > \dp <table-name> return the same thing but before GRANT it's NULL and after REVOKE it's not. > > It matter when you want to change owner and you forgot this table where there is explicit right. If it is a matter of finding who the table owner is then do: \dt table_name > >> >> Yours, >> Laurenz Albe >> > Thanks for your quick answer > > -- Adrian Klaver adrian.klaver@gmail.com