Home > mailing lists

Re: BUG #1114: REVOKE done by non-privileged user claims success - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: BUG #1114: REVOKE done by non-privileged user claims success
Date	March 24, 2004 15:15:00
Msg-id	18951.1080144860@sss.pgh.pa.us Whole thread Raw
In response to	BUG #1114: REVOKE done by non-privileged user claims success ("PostgreSQL Bugs List" <pgsql-bugs@postgresql.org>)
Responses	Re: BUG #1114: REVOKE done by non-privileged user claims success
List	pgsql-bugs

Tree view

"PostgreSQL Bugs List" <pgsql-bugs@postgresql.org> writes:
> When REVOKE is used on an object for which the current user does not have
> GRANT privilege, the operation fails but "REVOKE" is returned as if it had
> succeeded:

Looking at the code, this seems to be intentional, because the privilege
check is not made for revokes only for grants:

        if (stmt->is_grant
            && !pg_class_ownercheck(relOid, GetUserId())
            && pg_class_aclcheck(relOid, GetUserId(),
                                 ACL_GRANT_OPTION_FOR(privileges)) != ACLCHECK_OK)
            aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_CLASS, relvar->relname);

Peter, do you remember why you did it that way?

            regards, tom lane

pgsql-bugs by date:

From: Tom Lane
Date: 24 March 2004, 14:55:51
Subject: Re: BUG #1113: Default template databases grant CREATE to PUBLIC

From: Tom Lane
Date: 24 March 2004, 15:34:29
Subject: Re: BUG #1113: Default template databases grant CREATE to PUBLIC

Re: BUG #1114: REVOKE done by non-privileged user claims success - Mailing list pgsql-bugs

Previous

Next