Re: [HACKERS] drop user doesn't remove rights from tables ... - Mailing list pgsql-hackers

> david=> create user sss;
> CREATE USER
> david=> select * from pg_shadow;
> usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd|valuntil                    
> --------+--------+-----------+--------+--------+---------+------+----------------------------
> postgres|     502|t          |t       |t       |t        |      |Sat Jan 31 07:00:00 2037 CET
> david   |     501|t          |t       |t       |t        |      |                            
> sss     |     503|f          |t       |f       |t        |      |                            
> (3 rows)
> 
> david=> create table test ( i int );
> CREATE
> david=> grant all on test to sss;
> CHANGE
> david=> \z test
> Database    = david
>  +----------+--------------------------+
>  | Relation | Grant/Revoke Permissions |
>  +----------+--------------------------+
>  | test     | {"=","sss=arwR"}         |
>  +----------+--------------------------+
> david=> drop user sss; 
> DROP USER
> david=> \z test
> Database    = david
>  +----------+--------------------------+
>  | Relation | Grant/Revoke Permissions |
>  +----------+--------------------------+
>  | test     | {"=","503=arwR"}         |
>  +----------+--------------------------+
> 
> 
> All rights for user 'sss' remains there (but now identified by
> id=503). I'am not sure, if this is error, but it is dangerous.
>  ('createuser' with id=503 will grant all rights to new user)

This has been pointed out before.  Not sure how to deal with it.


--  Bruce Momjian                        |  http://www.op.net/~candle maillist@candle.pha.pa.us            |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026