BUG #6421: Revoke column level privilage - Mailing list pgsql-bugs
From | bdmytrak@eranet.pl |
---|---|
Subject | BUG #6421: Revoke column level privilage |
Date | |
Msg-id | E1RrzoX-0005KH-U2@wrigleys.postgresql.org Whole thread Raw |
Responses |
Re: BUG #6421: Revoke column level privilage
(Tom Lane <tgl@sss.pgh.pa.us>)
|
List | pgsql-bugs |
The following bug has been logged on the website: Bug reference: 6421 Logged by: Bartosz Dmytrak Email address: bdmytrak@eranet.pl PostgreSQL version: 9.1.2 Operating system: Mandriva 2011 64 bit Description:=20=20=20=20=20=20=20=20 Cannot revoke column level privilages. Scenario: 1. as =E2=80=9Epostgres=E2=80=9D user create a test table: CREATE TABLE public."tblTest" ( "RowId" serial NOT NULL, "Column1" text, "Column2" integer, "Column3" integer, CONSTRAINT "tblTest_pkey" PRIMARY KEY ("RowId") ) WITH ( OIDS=3DFALSE ); ALTER TABLE public."tblTest" OWNER TO postgres; GRANT ALL ON TABLE public."tblTest" TO postgres; 2. Grant privilages to different user, still using postgres acount: GRANT UPDATE, INSERT, DELETE, REFERENCES, TRIGGER ON TABLE public."tblTest" TO "otherUser"; GRANT SELECT ON TABLE public."tblTest" TO "otherUser" WITH GRANT OPTION; 3. Check privilages (assumption: there is the only one table named =E2=80= =9CtblTest=E2=80=9D in the database): SELECT oid, relname, relacl FROM pg_class WHERE relname =3D 'tblTest'; oid | relname | relacl=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20 -------+---------+-------------------------------------------------------- 36385 | tblTest | {postgres=3DarwdDxt/postgres,otherUser=3Dar*wdxt/postgre= s} (1 row) and also for columns: SELECT attrelid, attname, attacl FROM pg_attribute a INNER JOIN pg_class c ON (a.attrelid =3D c.oid) WHERE c.relname =3D 'tblTest'; attrelid | attname | attacl=20 ----------+----------+-------- 36385 | tableoid |=20 36385 | cmax |=20 36385 | xmax |=20 36385 | cmin |=20 36385 | xmin |=20 36385 | ctid |=20 36385 | RowId |=20 36385 | Column1 |=20 36385 | Column2 |=20 36385 | Column3 |=20 (10 rows) Everything looks good. 4. login as =E2=80=9CotherUser=E2=80=9D and add column level privilages myDatabase=3D> GRANT ALL("Column1") ON public."tblTest" TO public; GRANT 5. Check privilages again (as postgres) myDatabase=3D# SELECT oid, relname, relacl FROM pg_class WHERE relname =3D 'tblTest'; oid | relname | relacl=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20 -------+---------+-------------------------------------------------------- 36385 | tblTest | {postgres=3DarwdDxt/postgres,otherUser=3Dar*wdxt/postgre= s} (1 row) myDatabase=3D# SELECT attrelid, attname, attacl FROM pg_attribute a INNER JOIN pg_class c ON (a.attrelid =3D c.oid) WHERE c.relname =3D 'tblTest'; attrelid | attname | attacl=20=20=20=20=20 ----------+----------+---------------- 36385 | tableoid |=20 36385 | cmax |=20 36385 | xmax |=20 36385 | cmin |=20 36385 | xmin |=20 36385 | ctid |=20 36385 | RowId |=20 36385 | Column1 | {=3Dr/otherUser} 36385 | Column2 |=20 36385 | Column3 |=20 (10 rows) Still looks good. 6. REVOKE Column level privilages from public on table using =E2=80=9Cpostg= res=E2=80=9D account: myDatabase=3D# REVOKE ALL("Column1") ON public."tblTest" FROM public; REVOKE 7. Check column privilages (as postgres): myDatabase=3D# SELECT attrelid, attname, attacl FROM pg_attribute a INNER JOIN pg_class c ON (a.attrelid =3D c.oid) WHERE c.relname =3D 'tblTest'; attrelid | attname | attacl=20=20=20=20=20 ----------+----------+---------------- 36385 | tableoid |=20 36385 | cmax |=20 36385 | xmax |=20 36385 | cmin |=20 36385 | xmin |=20 36385 | ctid |=20 36385 | RowId |=20 36385 | Column1 | {=3Dr/otherUser} 36385 | Column2 |=20 36385 | Column3 |=20 (10 rows) or using \dp command: myDatabase=3D# \dp public."tblTest" Access privileges Schema | Name | Type | Access privileges | Column access privileges=20 --------+---------+-------+----------------------------+-------------------= ------- public | tblTest | table | postgres=3DarwdDxt/postgres +| Column1:=20=20= =20=20=20=20=20=20=20=20=20 + | | | otherUser=3Dar*wdxt/postgres | =3Dr/otherUser (1 row) Looks like privilages has not been revoked. regards, Bartek
pgsql-bugs by date: