Re: table_privileges view always show object owner as a grantor - Mailing list pgsql-hackers

From Laurenz Albe
Subject Re: table_privileges view always show object owner as a grantor
Date
Msg-id f102cc269bed33cca44cfcbef98526bc63eef252.camel@cybertec.at
Whole thread Raw
In response to table_privileges view always show object owner as a grantor  (Ashutosh Sharma <ashu.coek88@gmail.com>)
Responses Re: table_privileges view always show object owner as a grantor
List pgsql-hackers
Ashutosh Sharma wrote:
> I noticed that irrespective of whoever grants privileges on an object,
> it's always the object owner who is seen as a grantor in the output of
> table_privileges view.

>                             Isn't that a wrong information ? If
> incase that isn't wrong then may i know why does the postgresql
> documentation on "table_privilegs" describes grantor as "Name of the
> role that granted the privilege". Here is the documentation link for
> table_privilges view.
> 
> https://www.postgresql.org/docs/current/infoschema-table-privileges.html

Currently the grantor of a privilege is the owner if a superuser
grants a privilege on the object.

If that were not so, how would you disambiguate between privileges
granted by a superuser and privileges passed on by somebody
who has been granted the privilege WITH GRANT OPTION?

Or, with an example:
If A grants SELECT to a table WITH GRANT OPTION to B, and
B grants the privilege to C, A cannot directly revoke the
privilege from C. All A can to is revoke the privilege from
B with the CASCADE option.

This distiction would be lost if B could appear as grantor
just because he has been superuser at some time in the past
(and doesn't hold the privilege himself).

So I'd say the behavior is fine as it is, but it would not harm to
document it better (or at all).

Yours,
Laurenz Albe




pgsql-hackers by date:

Previous
From: Michael Paquier
Date:
Subject: Re: Enable data checksums by default
Next
From: Alvaro Herrera
Date:
Subject: Re: pgsql: Improve autovacuum logging for aggressive andanti-wraparound ru