Re: Owner's grant options not visible - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Owner's grant options not visible
Date
Msg-id 1103.1187878520@sss.pgh.pa.us
Whole thread Raw
In response to Owner's grant options not visible  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-hackers
Peter Eisentraut <peter_e@gmx.net> writes:
> Between 7.4 and 8.0, the owner's grant options were removed from the 
> aclitem display.

Yeah, that was intentional, because the way we were doing it was wrong
and caused behavioral bugs.  The owner's grant options have to be
treated as being granted to him by "the system", ie some external force.
IIRC the spec suggests actually having a reserved role _SYSTEM and
treating the owner's options as being granted to him by _SYSTEM,
but IMHO that just leads to circularity: where did _SYSTEM get the
rights from?  The way we do it now is just to make aclcheck() and
friends assume that the owner always has grant options, regardless of
whether they're explicitly mentioned in an ACL list.

> The information schema shows obviously inaccurate data now,

The correct fix is probably to insert an equivalent assumption into the
information_schema code.  Not sure of the cleanest way to do that.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Teodor Sigaev
Date:
Subject: Re: ispell file format
Next
From: Tom Lane
Date:
Subject: Re: [COMMITTERS] pgsql: Add configure option --with-system-tzdata to use operating system