Re: [PATCHES] Users/Groups -> Roles - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [PATCHES] Users/Groups -> Roles
Date
Msg-id 2488.1119997559@sss.pgh.pa.us
Whole thread Raw
In response to Re: [PATCHES] Users/Groups -> Roles  (Stephen Frost <sfrost@snowman.net>)
Responses Re: [PATCHES] Users/Groups -> Roles
List pgsql-hackers
Stephen Frost <sfrost@snowman.net> writes:
> * Bruno Wolff III (bruno@wolff.to) wrote:
>> Creating objects in particular schemas or databases is not something that
>> all roles may be able to do.

> Yeah, I'm not entirely sure what I think about this issue.

We have a precedent, which is that RENAME checks for create rights.
If you want to lean on the argument that this is just a shortcut for
dropping the object and then recreating it somewhere else, then you
need (a) the right to drop the object --- which is inherent in being
the old owner, and (b) the right to create the new object, which means
that (b1) you can become the role you wish to have owning the object,
and (b2) *as that role* you would have the rights needed to create the
object.

Stephen's original analysis covers (a) and (b1) but not (b2).  With (b2)
I'd agree that it's just a useful shortcut.

I don't see a need to treat SECURITY DEFINER functions as
superuser-only.  We've had that facility since 7.3 or so and no one
has complained that it's too dangerous.
        regards, tom lane


pgsql-hackers by date:

Previous
From: "Jonah H. Harris"
Date:
Subject: Re: Implementing SQL/PSM for PG 8.2 - debugger
Next
From: "Denis Lussier"
Date:
Subject: Re: Implementing SQL/PSM for PG 8.2 - debugger