Thread: why restrict role "public" but not "Public"?

why restrict role "public" but not "Public"?

From

Alvaro Herrera

Date:

24 August 2010, 22:34:25

Hi,

I just noticed that we restrict creation of a role named "public", but
this is case-sensitive -- i.e. we don't restrict roles named PUBLIC,
etc.

Is this intended?

-- 
Álvaro Herrera <alvherre@alvh.no-ip.org>

Re: why restrict role "public" but not "Public"?

From

Tom Lane

Date:

24 August 2010, 23:04:25

Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> I just noticed that we restrict creation of a role named "public", but
> this is case-sensitive -- i.e. we don't restrict roles named PUBLIC,
> etc.

> Is this intended?

Yes.  If you had a role named that, you might think thatGRANT whatever TO PUBLIC
should refer to that role.
        regards, tom lane

Re: why restrict role "public" but not "Public"?

From

Alvaro Herrera

Date:

24 August 2010, 23:22:38

Excerpts from Tom Lane's message of mar ago 24 19:04:14 -0400 2010:
> Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> > I just noticed that we restrict creation of a role named "public", but
> > this is case-sensitive -- i.e. we don't restrict roles named PUBLIC,
> > etc.
> 
> > Is this intended?
> 
> Yes.  If you had a role named that, you might think that
>     GRANT whatever TO PUBLIC
> should refer to that role.

HoweverGRANT whatever TO "Public"
is allowed?  Seems inconsistent.  My point is that we allow others, not
that we disallow that one.

The reason I'm asking is that I'm trying to allow "public" to be passed
to has_table_privileges(), and have it check for the PUBLIC pseudo-role.
Originally I had coded it using pg_strcasecmp() on the grounds that any
case should refer to this.  However, if "Public" and other combinations
are allowed, only lowercase "public" would work as input for that
function; using any uppercase letter would mean that it'd refer to a
role named like that.

It seems a complicated rule to document.  Seems better to just disallow
creating a role "public" regardless of case.

-- 
Álvaro Herrera <alvherre@commandprompt.com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

Re: why restrict role "public" but not "Public"?

From

Tom Lane

Date:

24 August 2010, 23:28:01

Alvaro Herrera <alvherre@commandprompt.com> writes:
> The reason I'm asking is that I'm trying to allow "public" to be passed
> to has_table_privileges(), and have it check for the PUBLIC pseudo-role.
> Originally I had coded it using pg_strcasecmp() on the grounds that any
> case should refer to this.

That would be incorrect, IMO.  Ordinary role names passed to that
function would certainly not be treated case-insensitively, so this
one should not be either.

> It seems a complicated rule to document.  Seems better to just disallow
> creating a role "public" regardless of case.

Perhaps, but the above is not a good argument for changing it.
        regards, tom lane