Re: Bogus permissions display in 7.4 - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Bogus permissions display in 7.4
Date
Msg-id 13078.1084491825@sss.pgh.pa.us
Whole thread Raw
In response to Re: Bogus permissions display in 7.4  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: Bogus permissions display in 7.4
Re: Bogus permissions display in 7.4
List pgsql-hackers
Peter Eisentraut <peter_e@gmx.net> writes:
> Tom Lane wrote:
>> I think the printout format is fine and the silent non-removal of
>> grant options was a bad idea, particularly since it doesn't seem to
>> be saving any code (GRANT/REVOKE check ownerness anyway).  I propose
>> that we take out the special cases in merge_acl_with_grant that
>> prohibit revoking an owner's grant options, and instead adjust the
>> grant statement code to act as if those options are always present. 

> Sounds good.

If you like that, I have a further suggestion, which is to not include
the owner's grant options in the default ACL, either.  This would not
affect the behavior given the above changes; what it would do is reduce
clutter in the ACL display.  Right now, if user miriam does

create table mytable(f int);
grant select on mytable to public;
\z mytable

she'll see
Schema |  Name   | Type  |            Access privileges
--------+---------+-------+------------------------------------------public | mytable | table |
{miriam=a*r*w*d*R*x*t*/miriam,=r/miriam}

Changing the default ACL would take this down to
public | mytable | table | {miriam=arwdRxt/miriam,=r/miriam}

which seems usefully more readable to me.  Comments?
        regards, tom lane


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: database errors
Next
From: Michael Brusser
Date:
Subject: Re: database errors