Re: column level privilages error - Mailing list pgadmin-support

From bdmytrak@eranet.pl
Subject Re: column level privilages error
Date
Msg-id 1732667659.55.1327958368737.JavaMail.omnix05@wlas1
In response to column level privilages error  ("bdmytrak@eranet.pl" <bdmytrak@eranet.pl>)
Responses Re: column level privilages error
List pgadmin-support
You handle it somehow for tables (there is no privilege tab in table properties when you cannot change privileges). I suppose it is done based on the ACL for the table.
This behaviour is not symmetric - it works on tables and does not work on columns. It leads to misunderstandings, just like in my case. I was sure the privileges had been granted (no error/warning message was displayed).

I also think it is possible to recognize the user's ability to change column level privileges based on the ACL (WITH GRANT - marked with a star in the ACL).
If the user has privileges WITH GRANT OPTION, e.g.
GRANT UPDATE, INSERT, DELETE, REFERENCES, TRIGGER ON TABLE public."tblTest" TO user;
GRANT SELECT ON TABLE public."tblTest" TO user WITH GRANT OPTION;
he is allowed to grant select on columns of this table to another user. An interesting thing is that when you (as "user" from my example) try to execute:
GRANT ALL("Column1") ON public."tblTest" TO public;
then only the SELECT privilege on "Column1" is granted - as expected based on the privileges of "user".

BTW PostgreSQL generates a NOTICE for auto creation of a sequence for the pseudo-type serial, not a WARNING, so maybe it is a good idea to treat WARNINGS in the same way as ERRORS?

Hope you will find an elegant solution.

Regards,
Bartek


--- Original message ---

From: Guillaume Lelarge [mailto: guillaume@lelarge.info]
Sent: Monday, January 30, 2012 05:17 PM
To: bdmytrak@eranet.pl
Cc: pgadmin-support@postgresql.org
Subject: Re: [pgadmin-support] column level privilages error
On Mon, 2012-01-30 at 13:13 +0100, bdmytrak@eranet.pl wrote:
> PostgreSQL provides Error code 01007 (privilege_not_granted) and 01006
> (privilege_not_revoked), is it possible to handle these exceptions?

We never use the error codes. We simply display the error messages from
the server.

And doing an exception for some error codes doesn't seem a good idea.

> I am not sure if codes are used at present (according to
> documentation: "Some are not actually used at present, but are defined
> by the SQL standard." source:
> http://www.postgresql.org/docs/9.1/static/errcodes-appendix.html).
>
>
> Or simply remove this tab (like on table level) if the user is not allowed
> to change privileges...

Well, it would be great to be able to use the privileges and make sure
the user cannot do something in the UI that he's not allowed on the
server. When someone wants to do something like this, he'll need to
have a complete patch. Not only the column level privileges. And it
would be a major work AFAICT.


--
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com
PostgreSQL Sessions #3: http://www.postgresql-sessions.org
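
The ACL-based check discussed in this thread, as an added example that is not code from the thread or from pgAdmin: it parses table aclitem strings and reports which column-level privileges a role can pass on (the ones marked with a star). The function names and the sample ACL are constructed for illustration, and the check assumes only the table ACL matters: ownership, superuser status, role membership and per-column ACLs are ignored.

```python
import re

# Privilege letters PostgreSQL prints in a table's aclitem text.
PRIV_NAMES = {"r": "SELECT", "a": "INSERT", "w": "UPDATE", "d": "DELETE",
              "D": "TRUNCATE", "x": "REFERENCES", "t": "TRIGGER"}
# Only these privileges can be granted on individual columns.
COLUMN_PRIVS = {"SELECT", "INSERT", "UPDATE", "REFERENCES"}

# grantee=privileges/grantor; the grantee may be double-quoted or empty.
ACLITEM = re.compile(
    r'^(?P<grantee>"(?:[^"]|"")*"|[^=]*)=(?P<privs>[A-Za-z*]*)/(?P<grantor>.+)$')

# Constructed ACL matching the two GRANT statements in the message above.
SAMPLE_ACL = ["postgres=arwdDxt/postgres", "user=ar*wdxt/postgres"]


def parse_aclitem(item):
    """Return (grantee, {privilege: has_grant_option}, grantor) for one aclitem."""
    m = ACLITEM.match(item)
    if m is None:
        raise ValueError("not an aclitem: %r" % item)
    grantee = m.group("grantee") or "PUBLIC"      # empty grantee means PUBLIC
    if grantee.startswith('"'):                   # undo identifier quoting
        grantee = grantee[1:-1].replace('""', '"')
    letters = m.group("privs")
    privs = {}
    for i, ch in enumerate(letters):
        if ch == "*":
            continue
        # A '*' directly after a letter marks WITH GRANT OPTION for it.
        privs[PRIV_NAMES.get(ch, ch)] = letters[i + 1:i + 2] == "*"
    return grantee, privs, m.group("grantor")


def grantable_column_privs(acl, role):
    """Column privileges `role` holds WITH GRANT OPTION, from the table ACL alone."""
    result = set()
    for item in acl:
        grantee, privs, _ = parse_aclitem(item)
        if grantee == role:
            result |= {p for p, star in privs.items()
                       if star and p in COLUMN_PRIVS}
    return result


if __name__ == "__main__":
    # "user" holds six privileges but can pass on only SELECT.
    print(sorted(grantable_column_privs(SAMPLE_ACL, "user")))
```

An empty result for a role is the condition under which a client could hide or disable the column privilege tab instead of issuing a GRANT that only produces a warning.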
