Re: Remove default privilege from DB - Mailing list pgsql-general

From Stephen Frost
Subject Re: Remove default privilege from DB
Date
Msg-id 20180216155924.GJ2416@tamriel.snowman.net
Whole thread Raw
In response to Re: Remove default privilege from DB  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Remove default privilege from DB
List pgsql-general
Tom,

* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > * David G. Johnston (david.g.johnston@gmail.com) wrote:
> >> ​Not sure if this is what you mean but there is no concept of "negative
> >> state" in the permissions system.  Everything starts out with no
> >> permissions.  Grant adds permissions and revoke un-adds granted
> >> permissions.​  Revoking something that doesn't exist is either a no-op or a
> >> warning depending on the context - either way its doesn't setup a
> >> "forbidden" state for the permission.
>
> > This isn't entirely correct.  Functions are the classic example where
> > EXECUTE to PUBLIC is part of the default and the "negative" state of
> > having a function where EXECUTE is REVOKE'd from PUBLIC is entirely
> > reasonable and even common.
>
> FWIW, I thought David's description was fine.  The fact that the initial
> state of an object typically includes some positive grants doesn't change
> the fact that there's no such thing as a negative grant.  In particular,
> if there is a GRANT TO PUBLIC, no amount of revoking that privilege from
> individual users will have any effect, because the public grant is still
> there.

What I was particularly picking up on was the comment that "Everything
starts out with no permissions" which implied, at least to me, the idea
that no one has any rights on an object until those rights are GRANT'd,
which isn't correct, as I described.

Thanks!

Stephen

Attachment

pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: Remove default privilege from DB
Next
From: Melvin Davidson
Date:
Subject: Re: Database health check/auditing