Postgres Pro
Downloads
Home   >   mailing lists

BUG #6728: revoke grant cascade behaviour - Mailing list pgsql-bugs

From dmg@uvic.ca
Subject BUG #6728: revoke grant cascade behaviour
Date
Msg-id E1Sp1oX-0004oR-6M@wrigleys.postgresql.org
Whole thread Raw
Responses Re: BUG #6728: revoke grant cascade behaviour
List pgsql-bugs
Tree view 
The following bug has been logged on the website:

Bug reference:      6728
Logged by:          daniel german
Email address:      dmg@uvic.ca
PostgreSQL version: 9.1.4
Operating system:   Linux (Ubuntu)
Description:=20=20=20=20=20=20=20=20

Hi there,

I am trying to understand how postgresql implements REVOKE GRANT ...
CASCADE

First the scenario:

We have the default user, and five roles (a, b, m, x, y). user belongs to
all.

Consider the following code:


set session role none;
drop table sailors;
create table sailors (a int);
select * from user;
grant select on sailors to a with grant option;
grant select on sailors to b with grant option;
set session role b;
grant select on sailors to m with grant option;
set session role a;
grant select on sailors to m with grant option;
set session role none;
\dp
set session role m;
grant select on sailors to x;
grant select on sailors to y;
set session role none;
select * from information_schema.column_privileges where table_name =3D
'sailors' and column_name =3D 'a';
\dp
set session role a;
revoke select on sailors from m cascade;
set session role none;
select * from information_schema.column_privileges where table_name =3D
'sailors' and column_name =3D 'a';
\dp

What I am surprised is that m keeps the proviledge (via b) but x and y have
lost it. See below). is that the way it is supposed to be?

thank you for your time,

--daniel

temp=3D# select * from information_schema.column_privileges where table_nam=
e =3D
'sailors' and column_name =3D 'a';
 grantor | grantee | table_catalog | table_schema | table_name | column_name
| privilege_type | is_grantable=20
---------+---------+---------------+--------------+------------+-----------=
--+----------------+--------------
 dmg     | dmg     | temp          | public       | sailors    | a=20=20=20=
=20=20=20=20=20=20=20
| UPDATE         | YES
 dmg     | dmg     | temp          | public       | sailors    | a=20=20=20=
=20=20=20=20=20=20=20
| SELECT         | YES
 dmg     | dmg     | temp          | public       | sailors    | a=20=20=20=
=20=20=20=20=20=20=20
| REFERENCES     | YES
 dmg     | dmg     | temp          | public       | sailors    | a=20=20=20=
=20=20=20=20=20=20=20
| INSERT         | YES
 dmg     | a       | temp          | public       | sailors    | a=20=20=20=
=20=20=20=20=20=20=20
| SELECT         | YES
 dmg     | b       | temp          | public       | sailors    | a=20=20=20=
=20=20=20=20=20=20=20
| SELECT         | YES
 b       | m       | temp          | public       | sailors    | a=20=20=20=
=20=20=20=20=20=20=20
| SELECT         | YES

pgsql-bugs by date:

Previous
From: Patrick Tucker
Date:
Subject: Re: BUG #6727: Column does not exist exception has no error code
Next
From: Patrick Tucker
Date:
Subject: Re: BUG #6727: Column does not exist exception has no error code