Thread: Owner's grant options not visible

Owner's grant options not visible

From
Peter Eisentraut
Date:
Between 7.4 and 8.0, the owner's grant options were removed from the 
aclitem display.  This was as a side effect of the fixes of bug #1150, 
but I can't readily tell anymore for what specific reason this 
happened.

The information schema shows obviously inaccurate data now, and it might 
be easy to fix, unless there was some overriding concern that someone 
might recall.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/


Re: Owner's grant options not visible

From
Tom Lane
Date:
Peter Eisentraut <peter_e@gmx.net> writes:
> Between 7.4 and 8.0, the owner's grant options were removed from the 
> aclitem display.

Yeah, that was intentional, because the way we were doing it was wrong
and caused behavioral bugs.  The owner's grant options have to be
treated as being granted to him by "the system", ie some external force.
IIRC the spec suggests actually having a reserved role _SYSTEM and
treating the owner's options as being granted to him by _SYSTEM,
but IMHO that just leads to circularity: where did _SYSTEM get the
rights from?  The way we do it now is just to make aclcheck() and
friends assume that the owner always has grant options, regardless of
whether they're explicitly mentioned in an ACL list.

> The information schema shows obviously inaccurate data now,

The correct fix is probably to insert an equivalent assumption into the
information_schema code.  Not sure of the cleanest way to do that.
        regards, tom lane