Thread: create table permission

create table permission

From
bertdd@lumumba.luc.ac.be
Date:
How can I give SELECT privileges to a table of a database without giving
CREATE TABLE privileges to that database ?

Bert De Decker


Re: create table permission

From
Bruce Momjian
Date:
bertdd@lumumba.luc.ac.be wrote:
> How can I give SELECT privileges to a table of a database without giving
> CREATE TABLE privileges to that database ?

You can't.  In 7.3, you will be able to.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

Re: create table permission

From
Heni Lolov
Date:
Hi,

This is the nost stupid thing in PostgreSQL, but there is no CREATE TABLE
privilege :(((((((
Everybody CAN create tables. Unfortunately it will not be inplemented even in
Pg 7.3 according to TODO list. The developers do not consider it as important
feature. In my opinion this is the most obvious security hole in PostgreSQL.
Really Stupid but FACT!!!!!

HEY PEOPLE WILL YOU EVER FIX IT?

Hal

--- bertdd@lumumba.luc.ac.be wrote:
> How can I give SELECT privileges to a table of a database without giving
> CREATE TABLE privileges to that database ?
>
> Bert De Decker
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Re: create table permission

From
Rasmus Mohr
Date:
What 'bout:

REVOKE ALL ON "table_name" FROM PUBLIC;
GRANT ALL ON "table_name" TO "postgres";
GRANT SELECT ON "table_name" TO "select_user";

???

--------------------------------------------------------------
Rasmus T. Mohr            Direct  :             +45 36 910 122
Application Developer     Mobile  :             +45 28 731 827
Netpointers Intl. ApS     Phone   :             +45 70 117 117
Vestergade 18 B           Fax     :             +45 70 115 115
1456 Copenhagen K         Email   : mailto:rmo@netpointers.com
Denmark                   Website : http://www.netpointers.com

"Remember that there are no bugs, only undocumented features."
--------------------------------------------------------------

> -----Original Message-----
> From: pgsql-admin-owner@postgresql.org
> [mailto:pgsql-admin-owner@postgresql.org]On Behalf Of Heni Lolov
> Sent: Wednesday, June 19, 2002 10:17 AM
> To: pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] create table permission
>
>
> Hi,
>
> This is the nost stupid thing in PostgreSQL, but there is no
> CREATE TABLE
> privilege :(((((((
> Everybody CAN create tables. Unfortunately it will not be
> inplemented even in
> Pg 7.3 according to TODO list. The developers do not consider
> it as important
> feature. In my opinion this is the most obvious security hole
> in PostgreSQL.
> Really Stupid but FACT!!!!!
>
> HEY PEOPLE WILL YOU EVER FIX IT?
>
> Hal
>
> --- bertdd@lumumba.luc.ac.be wrote:
> > How can I give SELECT privileges to a table of a database
> without giving
> > CREATE TABLE privileges to that database ?
> >
> > Bert De Decker
> >
> >
> > ---------------------------(end of
> broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> > http://archives.postgresql.org
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org
>
>

Re: create table permission

From
Heni Lolov
Date:
What about
a cycle taht does:
create table table1(....);
create table table2(....);
....................
create table tableN(....);

and another:
insert into table1 values(.....);
insert into table2 values(.....);
....................
insert into tablen values(.....);

And so on till out fo disk spoace occurs.
This could be done by even the most restricted users taht can access the
database.

Isn't is a huge and obvious secyrity hole?

Hal

--- Rasmus Mohr <rmo@Netpointers.com> wrote:
> What 'bout:
>
> REVOKE ALL ON "table_name" FROM PUBLIC;
> GRANT ALL ON "table_name" TO "postgres";
> GRANT SELECT ON "table_name" TO "select_user";
>
> ???
>
> --------------------------------------------------------------
> Rasmus T. Mohr            Direct  :             +45 36 910 122
> Application Developer     Mobile  :             +45 28 731 827
> Netpointers Intl. ApS     Phone   :             +45 70 117 117
> Vestergade 18 B           Fax     :             +45 70 115 115
> 1456 Copenhagen K         Email   : mailto:rmo@netpointers.com
> Denmark                   Website : http://www.netpointers.com
>
> "Remember that there are no bugs, only undocumented features."
> --------------------------------------------------------------
>
> > -----Original Message-----
> > From: pgsql-admin-owner@postgresql.org
> > [mailto:pgsql-admin-owner@postgresql.org]On Behalf Of Heni Lolov
> > Sent: Wednesday, June 19, 2002 10:17 AM
> > To: pgsql-admin@postgresql.org
> > Subject: Re: [ADMIN] create table permission
> >
> >
> > Hi,
> >
> > This is the nost stupid thing in PostgreSQL, but there is no
> > CREATE TABLE
> > privilege :(((((((
> > Everybody CAN create tables. Unfortunately it will not be
> > inplemented even in
> > Pg 7.3 according to TODO list. The developers do not consider
> > it as important
> > feature. In my opinion this is the most obvious security hole
> > in PostgreSQL.
> > Really Stupid but FACT!!!!!
> >
> > HEY PEOPLE WILL YOU EVER FIX IT?
> >
> > Hal
> >
> > --- bertdd@lumumba.luc.ac.be wrote:
> > > How can I give SELECT privileges to a table of a database
> > without giving
> > > CREATE TABLE privileges to that database ?
> > >
> > > Bert De Decker
> > >
> > >
> > > ---------------------------(end of
> > broadcast)---------------------------
> > > TIP 6: Have you searched our list archives?
> > >
> > > http://archives.postgresql.org
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! - Official partner of 2002 FIFA World Cup
> > http://fifaworldcup.yahoo.com
> >
> > ---------------------------(end of
> > broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> > http://archives.postgresql.org
> >
> >


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Re: create table permission

From
Heni Lolov
Date:
This ain't a bug!
This is lack of an inportant reature feature.

--- Rasmus Mohr <rmo@Netpointers.com> wrote:
> Hmmm you may be right, i can't really tell. Did you submit this as a bug?
>
> --------------------------------------------------------------
> Rasmus T. Mohr            Direct  :             +45 36 910 122
> Application Developer     Mobile  :             +45 28 731 827
> Netpointers Intl. ApS     Phone   :             +45 70 117 117
> Vestergade 18 B           Fax     :             +45 70 115 115
> 1456 Copenhagen K         Email   : mailto:rmo@netpointers.com
> Denmark                   Website : http://www.netpointers.com
>
> "Remember that there are no bugs, only undocumented features."
> --------------------------------------------------------------
>
> > -----Original Message-----
> > From: Heni Lolov [mailto:hal_bg@yahoo.com]
> > Sent: Wednesday, June 19, 2002 10:40 AM
> > To: Rasmus Mohr
> > Subject: RE: [ADMIN] create table permission
> >
> >
> > What about
> > a cycle taht does:
> > create table table1(....);
> > create table table2(....);
> > ....................
> > create table tableN(....);
> >
> > and another:
> > insert into table1 values(.....);
> > insert into table2 values(.....);
> > ....................
> > insert into tablen values(.....);
> >
> > And so on till out fo disk spoace occurs.
> > This could be done by even the most restricted users taht can
> > access the
> > database.
> >
> > Isn't is a huge and obvious secyrity hole?
> >
> > Hal
> >
> > --- Rasmus Mohr <rmo@Netpointers.com> wrote:
> > > What 'bout:
> > >
> > > REVOKE ALL ON "table_name" FROM PUBLIC;
> > > GRANT ALL ON "table_name" TO "postgres";
> > > GRANT SELECT ON "table_name" TO "select_user";
> > >
> > > ???
> > >
> > > --------------------------------------------------------------
> > > Rasmus T. Mohr            Direct  :             +45 36 910 122
> > > Application Developer     Mobile  :             +45 28 731 827
> > > Netpointers Intl. ApS     Phone   :             +45 70 117 117
> > > Vestergade 18 B           Fax     :             +45 70 115 115
> > > 1456 Copenhagen K         Email   : mailto:rmo@netpointers.com
> > > Denmark                   Website : http://www.netpointers.com
> > >
> > > "Remember that there are no bugs, only undocumented features."
> > > --------------------------------------------------------------
> > >
> > > > -----Original Message-----
> > > > From: pgsql-admin-owner@postgresql.org
> > > > [mailto:pgsql-admin-owner@postgresql.org]On Behalf Of Heni Lolov
> > > > Sent: Wednesday, June 19, 2002 10:17 AM
> > > > To: pgsql-admin@postgresql.org
> > > > Subject: Re: [ADMIN] create table permission
> > > >
> > > >
> > > > Hi,
> > > >
> > > > This is the nost stupid thing in PostgreSQL, but there is no
> > > > CREATE TABLE
> > > > privilege :(((((((
> > > > Everybody CAN create tables. Unfortunately it will not be
> > > > inplemented even in
> > > > Pg 7.3 according to TODO list. The developers do not consider
> > > > it as important
> > > > feature. In my opinion this is the most obvious security hole
> > > > in PostgreSQL.
> > > > Really Stupid but FACT!!!!!
> > > >
> > > > HEY PEOPLE WILL YOU EVER FIX IT?
> > > >
> > > > Hal
> > > >
> > > > --- bertdd@lumumba.luc.ac.be wrote:
> > > > > How can I give SELECT privileges to a table of a database
> > > > without giving
> > > > > CREATE TABLE privileges to that database ?
> > > > >
> > > > > Bert De Decker
> > > > >
> > > > >
> > > > > ---------------------------(end of
> > > > broadcast)---------------------------
> > > > > TIP 6: Have you searched our list archives?
> > > > >
> > > > > http://archives.postgresql.org
> > > >
> > > >
> > > > __________________________________________________
> > > > Do You Yahoo!?
> > > > Yahoo! - Official partner of 2002 FIFA World Cup
> > > > http://fifaworldcup.yahoo.com
> > > >
> > > > ---------------------------(end of
> > > > broadcast)---------------------------
> > > > TIP 6: Have you searched our list archives?
> > > >
> > > > http://archives.postgresql.org
> > > >
> > > >
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! - Official partner of 2002 FIFA World Cup
> > http://fifaworldcup.yahoo.com
> >
> >


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Re: create table permission

From
Bruce Momjian
Date:
Heni Lolov wrote:
> Hi,
>
> This is the nost stupid thing in PostgreSQL, but there is no CREATE TABLE
> privilege :(((((((
> Everybody CAN create tables. Unfortunately it will not be inplemented even in
> Pg 7.3 according to TODO list. The developers do not consider it as important
> feature. In my opinion this is the most obvious security hole in PostgreSQL.
> Really Stupid but FACT!!!!!
>
> HEY PEOPLE WILL YOU EVER FIX IT?

Yes, it is stupid. It should have been fixed a long time ago.  It will
be fixed in 7.3.  I had not marked it as fixed in 7,3 on TODO but I will
right now.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

UNSUBSCRIBE ME!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

From
ashwini sridhar
Date:
--- Bruce Momjian <pgman@candle.pha.pa.us> wrote:
> Heni Lolov wrote:
> > Hi,
> >
> > This is the nost stupid thing in PostgreSQL, but
> there is no CREATE TABLE
> > privilege :(((((((
> > Everybody CAN create tables. Unfortunately it will
> not be inplemented even in
> > Pg 7.3 according to TODO list. The developers do
> not consider it as important
> > feature. In my opinion this is the most obvious
> security hole in PostgreSQL.
> > Really Stupid but FACT!!!!!
> >
> > HEY PEOPLE WILL YOU EVER FIX IT?
>
> Yes, it is stupid. It should have been fixed a long
> time ago.  It will
> be fixed in 7.3.  I had not marked it as fixed in
> 7,3 on TODO but I will
> right now.
>
> --
>   Bruce Momjian                        |
> http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610)
> 853-3000
>   +  If your life is a hard drive,     |  830 Blythe
> Avenue
>   +  Christ can be your backup.        |  Drexel
> Hill, Pennsylvania 19026
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to
majordomo@postgresql.org


=====
bbye - ashwini

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Re: create table permission

From
Heni Lolov
Date:
Thanks!
We've waited so long.....

Hal

--- Bruce Momjian <pgman@candle.pha.pa.us> wrote:
> Heni Lolov wrote:
> > Hi,
> >
> > This is the nost stupid thing in PostgreSQL, but there is no CREATE TABLE
> > privilege :(((((((
> > Everybody CAN create tables. Unfortunately it will not be inplemented even
> in
> > Pg 7.3 according to TODO list. The developers do not consider it as
> important
> > feature. In my opinion this is the most obvious security hole in
> PostgreSQL.
> > Really Stupid but FACT!!!!!
> >
> > HEY PEOPLE WILL YOU EVER FIX IT?
>
> Yes, it is stupid. It should have been fixed a long time ago.  It will
> be fixed in 7.3.  I had not marked it as fixed in 7,3 on TODO but I will
> right now.
>
> --
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610) 853-3000
>   +  If your life is a hard drive,     |  830 Blythe Avenue
>   +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com