Re: 8.1 release notes - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: 8.1 release notes
Date
Msg-id 200508232118.j7NLIKe09737@candle.pha.pa.us
In response to Re: 8.1 release notes  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
Stephen Frost wrote:
-- Start of PGP signed section.
> * Bruce Momjian (pgman@candle.pha.pa.us) wrote:
> >   http://candle.pha.pa.us/main/writings/pgsql/sgml/release.html#RELEASE-8-1
> 
> Regarding E.1.3.4 (Object Manipulation Changes):
> 
> ---------
> Allow ALTER OWNER commands to be performed by the object owner as well
> as the superuser (Stephen Frost)
> 
> Prior releases only allowed super-user to change object owners, even if
> the current owner was executing the command and the new owner have
> permission to create objects of that type. 
> ---------
> 
> This isn't *quite* right and implies an ability some might frown upon
> ("giving away" objects) that isn't actually allowed by my changes.  
> How about:
> 
> ---------
> Allow ALTER OWNER commands to be performed by the object owner (Stephen
> Frost)
> 
> Prior releases only allowed a single user to own an object.  With the
> addition of role support (where a role can own an object and that role
> can have members) it's now possible for multiple users to have ownership
> rights on a given object.  ALTER OWNER has been updated to allow
> changing the ownership of an object when the user has ownership rights
> on the object, is in the new owner role, and the new owner role has 
> the right to create the object.
> ---------
> 
> Unfortunately, though there was some discussion on it, it seems that the
> new owner role must have rights to create the object even if the user
> doing the ALTER OWNER owns the schema/db in question.  This means a user
> would have to first grant create privileges to the unprivileged role,
> change the ownership to that role, and then revoke the create privileges.
> This also means that a number of explicit 'superuser()' checks were
> added after I had worked to minimize them.  I'd still like to see the
> explicit superuser() checks removed in favor of checking schema
> ownership but I'm guessing it's too late for that now.

Good description, updated to:

       Allow limited <command>ALTER OWNER</> commands to be performed
       by the object owner (Stephen Frost)

       Prior releases allowed only the super-user to change object owners,
       even if the current owner was executing the command and the new
       owner was in the same group.  With roles such transfers are now
       possible.

> 
> Perhaps after 8.1 is released we'll get some conversation regarding
> these kinds of things which goes beyond just Tom and I.  I don't mind
> discussing it with Tom but it'd be nice to get some fresh viewpoints on
> the subject and eventually "I think it's better", "I don't like it" gets
> kind of boring and can be difficult to work past (well, except he has
> commit access and I don't... ;).

Most people don't know what roles are, but with them described in 8.1
release, we will have more people available to discuss in the future.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
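The ownership-transfer rule and the grant/transfer/revoke sequence described in the quoted message, written out as an added example that is not part of the original thread. The role names `alice` and `app_owner`, the schema `app` and the table `app.audit_log` are hypothetical; it assumes a superuser psql session on PostgreSQL 8.1 or later.

```sql
-- Hypothetical roles: alice is a login user, app_owner is a group-style
-- role that cannot log in. alice is a member of app_owner.
CREATE ROLE alice LOGIN;
CREATE ROLE app_owner NOLOGIN;
GRANT app_owner TO alice;

-- alice owns the schema; app_owner has no privileges on it yet.
CREATE SCHEMA app AUTHORIZATION alice;

-- Act as alice for the rest of the example.
SET ROLE alice;
CREATE TABLE app.audit_log (id integer, entry text);

-- alice owns the table and is a member of app_owner, but app_owner lacks
-- CREATE on schema app, so this statement is rejected with a permission
-- error even though alice owns the schema.
ALTER TABLE app.audit_log OWNER TO app_owner;

-- Step 1: temporarily give the new owner role the right to create
-- objects in the schema (alice may grant this as the schema owner).
GRANT CREATE ON SCHEMA app TO app_owner;

-- Step 2: all three conditions now hold, so the transfer succeeds.
ALTER TABLE app.audit_log OWNER TO app_owner;

-- Step 3: remove the temporary privilege so app_owner cannot create
-- further objects in the schema.
REVOKE CREATE ON SCHEMA app FROM app_owner;

-- Checks: the table belongs to app_owner, and app_owner no longer
-- holds CREATE on the schema.
SELECT tableowner
  FROM pg_tables
 WHERE schemaname = 'app' AND tablename = 'audit_log';

SELECT has_schema_privilege('app_owner', 'app', 'CREATE');

RESET ROLE;
```

Between steps 1 and 3 any member of `app_owner` can create objects in `app`, so the three statements are best run back to back and the final `has_schema_privilege` check confirmed.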
 

