Re: why restrict role "public" but not "Public"? - Mailing list pgsql-hackers

From Alvaro Herrera
Subject Re: why restrict role "public" but not "Public"?
Date
Msg-id 1282691873-sup-6899@alvh.no-ip.org
Whole thread Raw
In response to Re: why restrict role "public" but not "Public"?  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: why restrict role "public" but not "Public"?
List pgsql-hackers
Excerpts from Tom Lane's message of mar ago 24 19:04:14 -0400 2010:
> Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> > I just noticed that we restrict creation of a role named "public", but
> > this is case-sensitive -- i.e. we don't restrict roles named PUBLIC,
> > etc.
> 
> > Is this intended?
> 
> Yes.  If you had a role named that, you might think that
>     GRANT whatever TO PUBLIC
> should refer to that role.

HoweverGRANT whatever TO "Public"
is allowed?  Seems inconsistent.  My point is that we allow others, not
that we disallow that one.

The reason I'm asking is that I'm trying to allow "public" to be passed
to has_table_privileges(), and have it check for the PUBLIC pseudo-role.
Originally I had coded it using pg_strcasecmp() on the grounds that any
case should refer to this.  However, if "Public" and other combinations
are allowed, only lowercase "public" would work as input for that
function; using any uppercase letter would mean that it'd refer to a
role named like that.

It seems a complicated rule to document.  Seems better to just disallow
creating a role "public" regardless of case.

-- 
Álvaro Herrera <alvherre@commandprompt.com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: why restrict role "public" but not "Public"?
Next
From: Tom Lane
Date:
Subject: Re: why restrict role "public" but not "Public"?