Home > mailing lists

Re: [BUGS] Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped) - Mailing list pgsql-hackers

From	Stephen Frost
Subject	Re: [BUGS] Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped)
Date	May 4, 2007 20:54:16
Msg-id	20070504205407.GO1504@tamriel.snowman.net Whole thread Raw
In response to	Re: [BUGS] Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped) (Alvaro Herrera <alvherre@commandprompt.com>)
Responses	Re: [BUGS] Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped) (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

* Alvaro Herrera (alvherre@commandprompt.com) wrote:
> Ah, here it is, 12.7 <revoke statement>.  It says that if role revokes
> another role from a third role, it will only remove the privileges that
> were granted by him, not someone else.

Hmm.  I'm not sure, but that may have been a case where it was generally
decided that the spec was somewhat braindead in this fashion (it seems
so in my personal view of this, honestly...).  To issue a revoke and
have it not work would be kind of concerning.  If we do end up following
this path we should emit a warning (at least...) if the user still has
the rights which are being revoked, even if through someone else.
Perhaps that also implies that tracking the grantor is unnecessary.
Thanks,
    Stephen

pgsql-hackers by date:

From: Alvaro Herrera
Date: 04 May 2007, 20:45:14
Subject: Re: [BUGS] Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped)

From: Tom Lane
Date: 04 May 2007, 21:32:01
Subject: Re: [BUGS] Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped)

Re: [BUGS] Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped) - Mailing list pgsql-hackers

Previous

Next