Hi All,
I noticed that irrespective of whoever grants privileges on an object,
it's always the object owner who is seen as a grantor in the output of
table_privileges view. As an example, consider the following case.
create user u1;
create user u2 with superuser;
create user u3;
\c postgres u1
create table t1(a integer);
\c postgres u2
grant select on t1 to u3; -- it's u2 who is granting select privileges
on t1 to u3
\c postgres u3
select * from table_privileges where table_name = 't1';
postgres=# \c postgres u3
You are now connected to database "postgres" as user "u3".
postgres=> select * from information_schema.table_privileges where
table_name = 't1';
grantor | grantee | table_catalog | table_schema | table_name |
privilege_type | is_grantable | with_hierarchy
---------+---------+---------------+--------------+------------+----------------+--------------+----------------
u1 | u3 | postgres | public | t1 |
SELECT | NO | YES
(1 row)
postgres=> select * from t1;
a
---
(0 rows)
Above output of table_privilges shows 'u1' (who is the object owner of
t1) as a grantor instead of u2. Isn't that a wrong information ? If
incase that isn't wrong then may i know why does the postgresql
documentation on "table_privilegs" describes grantor as "Name of the
role that granted the privilege". Here is the documentation link for
table_privilges view.
https://www.postgresql.org/docs/current/infoschema-table-privileges.html
--
With Regards,
Ashutosh Sharma
EnterpriseDB:http://www.enterprisedb.com
