Thread: Weird table permission stuff.

Weird table permission stuff.

From: GH
Running 7.0.2 on FreeBSD 4.0-RELEASE.

After creating a database and any number of tables, the situation is
thus:

The owner of the database and table may run rampant on any tables that
have *no* permissions granted. On tables with permissions granted to
anyone other than the owner, access is refused to anyone except the
owner. Er, that is supposed to happen, correct?

Thanks.
gh


Re: Weird table permission stuff.

From: Tom Lane
GH <grasshacker@over-yonder.net> writes:
> The owner of the database and table may run rampant on any tables that
> have *no* permissions granted. On tables with permissions granted to
> anyone other than the owner, access is refused to anyone except the
> owner. Er, that is supposed to happen, correct?

There is a bug there, but your description doesn't seem to quite match.

The initial default behavior, when the table's ACL is null, is full
access for table owner, no access for anyone else.  (Superusers get
a free pass at all times, of course, so let's ignore them.)  Now you
would think that an explicit GRANT or REVOKE would modify the behavior
starting from that initial default.  Unfortunately, in 7.0 (and possibly
prior releases, haven't checked), as soon as you do an explicit GRANT or
REVOKE, it forgets about the "full access for table owner" part of the
default and you end up with no access except that explicitly GRANTed.
So you then have to do an explicit GRANT of all rights to yourself
in order to get back to where you were.  (Fortunately, you cannot lose
the right to do GRANT/REVOKE --- that's based on ownership not
permission bits --- or this'd be a real catch-22.  As is, it's only
an annoyance.)

This misbehavior is fixed in current sources for 7.1.  However, if
you've described what you're seeing accurately, maybe there's another
bug in there that I'm not aware of... please give a specific example.

            regards, tom lane
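
An added example, not part of the original thread and not PostgreSQL source code: a small Python model of the ACL behaviour described in the reply above, with an audit that flags tables whose owner has lost access after an explicit GRANT or REVOKE. The class and function names, the privilege set, and the `start_from_default` switch (standing in for the behaviour the reply says one would expect) are assumptions; superusers are ignored, as in the reply.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed privilege set for this model.
ALL = frozenset({"SELECT", "INSERT", "UPDATE", "DELETE"})

@dataclass
class Table:
    name: str
    owner: str
    acl: Optional[dict] = None  # None = no GRANT/REVOKE has ever been run

def _materialize(t, start_from_default):
    # First explicit GRANT/REVOKE turns the null ACL into a real one.
    # 7.0 behaviour as described: the owner's implicit rights are dropped.
    # Expected behaviour: the explicit ACL starts from the default.
    if t.acl is None:
        t.acl = {t.owner: set(ALL)} if start_from_default else {}

def grant(t, grantee, privs, start_from_default=False):
    _materialize(t, start_from_default)
    t.acl.setdefault(grantee, set()).update(privs)

def revoke(t, grantee, privs, start_from_default=False):
    _materialize(t, start_from_default)
    t.acl.setdefault(grantee, set()).difference_update(privs)

def allowed(t, user, priv):
    if t.acl is None:                       # initial default
        return user == t.owner
    return priv in t.acl.get(user, set())   # only what was explicitly granted

def may_grant(t, user):
    # GRANT/REVOKE rights follow ownership, not permission bits.
    return user == t.owner

def owner_lockouts(tables):
    """Names of tables whose owner no longer holds every privilege."""
    return [t.name for t in tables
            if t.acl is not None and not ALL <= t.acl.get(t.owner, set())]

def demo():
    untouched = Table("untouched", "gh")
    shared_70 = Table("shared_70", "gh")
    grant(shared_70, "alice", {"SELECT"})                # 7.0 semantics
    shared_ok = Table("shared_expected", "gh")
    grant(shared_ok, "alice", {"SELECT"}, start_from_default=True)
    tables = [untouched, shared_70, shared_ok]
    before = owner_lockouts(tables)
    if may_grant(shared_70, "gh"):                       # owner can always re-grant
        grant(shared_70, "gh", ALL)                      # the workaround
    return before, owner_lockouts(tables)
```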

Re: Weird table permission stuff.

From: GH
On Wed, Nov 22, 2000 at 07:51:50PM -0500, some SMTP stream spewed forth:
> GH <grasshacker@over-yonder.net> writes:
> > The owner of the database and table may run rampant on any tables that
> > have *no* permissions granted. On tables with permissions granted to
> > anyone other than the owner, access is refused to anyone except the
> > owner. Er, that is supposed to happen, correct?
>
> There is a bug there, but your description doesn't seem to quite match.
>
Er, you described the behavior that I saw. I am not sure how you took my
description, though. I will have to be a bit more precise next time. ;-)

I thank you for your assistance.
gh