Thread: Permissions problem on 7.4

Permissions problem on 7.4

From
Michalis Kabrianis
Date:
Hi
I hope this is the correct list to ask about a permissions problem I have.

I create a schema named cust, a table named clients, and a group named 
salesmen.
I use:
REVOKE ALL ON SCHEMA cust FROM PUBLIC;
GRANT USAGE ON SCHEMA cust TO GROUP salesmen;

REVOKE ALL ON TABLE clients FROM PUBLIC;
GRANT SELECT ON TABLE clients TO GROUP salesmen;

then I do a :
\dp clients
and get:
         Access privileges for database "custdb"
 Schema |  Table  |                  Access privileges
--------+---------+-----------------------------------------------------
 cust   | clients | {admin=a*r*w*d*R*x*t*/cust,"group salesmen=r/cust"}


The problem is that when I check from within my application if a member 
of the group salesmen has permissions to INSERT into the group clients, 
I get an affirmative question.
I guessed it was a problem with my application, so I downloaded 
postgresql_autodoc (http://www.rbt.ca/autodoc/) in order to check the 
permissions better.
It also claims that group salesmen has the right to SELECT, INSERT and 
DELETE on table clients.
I tried :
revoke insert on  clients from group salesmen;
and nothing changed
I tried :
revoke all on clients from group salesmen;
and every permission was revoked.
Then I tried again:
GRANT SELECT ON TABLE clients TO GROUP salesmen;
and all three permissions (insert, select, delete) are back in place.

All these happen with postgresql 7.4 on linux

Is there something I'm doing wrong, something I don't understand or have 
I hit a bug?

Thanks in advance
Michalis Kabrianis




Re: Permissions problem on 7.4

From
Peter Eisentraut
Date:
Michalis Kabrianis writes:

>  Schema |  Table  |                  Access privileges
> --------+---------+-----------------------------------------------------
>  cust   | clients | {admin=a*r*w*d*R*x*t*/cust,"group salesmen=r/cust"}
>
>
> The problem is that when I check from within my application if a member
> of the group salesmen has permissions to INSERT into the group clients,
> I get an affirmative question.

Fix your application.

> I guessed it was a problem with my application, so I downloaded
> postgresql_autodoc (http://www.rbt.ca/autodoc/) in order to check the
> permissions better.
> It also claims that group salesmen has the right to SELECT, INSERT and
> DELETE on table clients.

Report a bug to the authors of that program.

-- 
Peter Eisentraut   peter_e@gmx.net
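
Added example, not part of the original posts: a small Python parser for the ACL string that \dp prints in this thread, showing how the 7.4 format (grant-option "*" markers, "/grantor" suffix, quoted "group ..." entries) decodes into per-grantee privileges. The letter meanings follow the PostgreSQL 7.4 GRANT documentation; the function names are hypothetical, and the check looks only at direct ACL entries (no group membership, owner or superuser resolution).

```python
import re

# Privilege letters as documented for GRANT in PostgreSQL 7.4 (table-level subset).
PRIV_LETTERS = {
    "r": "SELECT", "w": "UPDATE", "a": "INSERT", "d": "DELETE",
    "R": "RULE", "x": "REFERENCES", "t": "TRIGGER",
}

def split_acl(acl):
    """Split '{item,"quoted item"}' into raw aclitem strings."""
    body = acl.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("not an ACL array: %r" % acl)
    # Items are either double-quoted (they contain a space) or bare.
    return [q or b for q, b in re.findall(r'"([^"]*)"|([^,]+)', body[1:-1])]

def parse_aclitem(item):
    """Return (kind, grantee, {privilege: has_grant_option}, grantor)."""
    grantee, sep, rest = item.partition("=")
    if not sep:
        raise ValueError("malformed aclitem: %r" % item)
    # Everything after '/' is the grantor's name, not privilege letters.
    letters, _, grantor = rest.partition("/")
    kind = "user"
    if grantee.startswith("group "):
        kind, grantee = "group", grantee[len("group "):]
    elif grantee == "":
        kind, grantee = "public", "PUBLIC"
    privs = {}
    for m in re.finditer(r"([A-Za-z])(\*?)", letters):
        name = PRIV_LETTERS.get(m.group(1))
        if name is None:
            raise ValueError("unknown privilege letter %r" % m.group(1))
        privs[name] = (m.group(2) == "*")  # '*' = grant option
    return kind, grantee, privs, grantor

def has_privilege(acl, kind, grantee, privilege):
    """True if the ACL has a direct entry giving `privilege` to the grantee."""
    for k, g, privs, _ in map(parse_aclitem, split_acl(acl)):
        if (k, g) == (kind, grantee) and privilege in privs:
            return True
    return False

# The ACL string quoted in the thread.
ACL = '{admin=a*r*w*d*R*x*t*/cust,"group salesmen=r/cust"}'

if __name__ == "__main__":
    for item in split_acl(ACL):
        print(parse_aclitem(item))
```
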