Theoretically same kind of problem should arise even if the privilege is
granted to a user also.
To be specific I would like know the answers for the following Q's
Scenario 1:
===========
User A grants privilege to group B with grant option.
User C who is in group B grants privilege to user D
If super user removes the user C from the group, then who is the grantee for
the user D? And who can revoke revoke the privileges from user D?
Scenario 2:
===========
User A grants privilege to group 'B' and 'Z' with grant option.
User C who is in group 'B' and 'Z' grants privilege to user D.
If user C removed from the group 'B' then who will be the grantee for user
'D'? And who can revoke revoke the privileges from user D?
If user C is removed from both the groups then who will be the grantee for
the user? And who can revoke revoke the privileges from user D?
Thanks & Regards,
Ramu
-----Original Message-----
From: Peter Eisentraut [mailto:peter_e@gmx.net]
Sent: Friday, January 09, 2004 8:11 PM
To: Potuganti Ramu; pgsql-hackers@postgresql.org
Subject: Re: [HACKERS] "with grant option" for user groups.
> Following statement says that "with grant option" is not allowed to a user
> group. I would like to know what the reasons behind not implementing
> this kind of feature.
Consider the following sequence of steps:
in database 1:
user A grants privilege to group B with grant option
user C who is in group B grants privilege to user D
in database 2:
superuser removes user C from group B
--> user D still has the privilege, because superuser doesn't have access to
database 1 from his session
If you can live with this problem, then you can remove the check from the
source code and it should work.
