Thread: SELECT has_database_privilege('user01', 'db01', 'connect');
Hello %
I am kinda confused, if I miss something. I have two questions:
* A new created user should not have the connect privilege per default, if the user is not the owner of the db, right?
* The function has_database_privilege should return false, if I revoke the connect privilege, right?
(postgres@[local]:55042)[postgres]> CREATE USER user01 ENCRYPTED PASSWORD 'user01';
CREATE ROLE
(postgres@[local]:55042)[postgres]> CREATE DATABASE db01 WITH OWNER = postgres;
CREATE DATABASE
(postgres@[local]:55042)[postgres]> SELECT has_database_privilege('user01', 'db01', 'connect');
has_database_privilege
------------------------
t <= have expected false here
(1 row)
(postgres@[local]:55042)[postgres]> REVOKE CONNECT ON DATABASE db01 FROM user01;
REVOKE
(postgres@[local]:55042)[postgres]> SELECT has_database_privilege('user01', 'db01', 'connect');
has_database_privilege
------------------------
t <= have expected false here even more after the revoke statement
(1 row)
Or do I have some misunderstanding in regards of how it should work?
Cheers,
William
________________________________
Disclaimer:
Diese Nachricht und ihr eventuell angehängte Dateien sind nur für den Adressaten bestimmt. Sie kann vertrauliche oder
gesetzlichgeschützte Daten oder Informationen beinhalten. Falls Sie diese Nachricht irrtümlich erreicht hat, bitten wir
Siehöflich, diese unter Ausschluss jeglicher Reproduktion zu löschen und die absendende Person zu benachrichtigen.
Dankefür Ihre Hilfe.
This message and any attached files are for the sole use of the recipient named above. It may contain confidential or
legallyprotected data or information. If you have received this message in error, please delete it without making any
copieswhatsoever and notify the sender. Thank you for your assistance.
Attachment
On Thursday, April 28, 2022, William Sescu (Suva) <william.sescu@suva.ch> wrote:
Hello %
I am kinda confused, if I miss something. I have two questions:
* A new created user should not have the connect privilege per default, if the user is not the owner of the db, right?
* The function has_database_privilege should return false, if I revoke the connect privilege, right?
(postgres@[local]:55042)[postgres]> CREATE USER user01 ENCRYPTED PASSWORD 'user01';
CREATE ROLE
(postgres@[local]:55042)[postgres]> CREATE DATABASE db01 WITH OWNER = postgres;
CREATE DATABASE
(postgres@[local]:55042)[postgres]> SELECT has_database_privilege(' user01', 'db01', 'connect');
has_database_privilege
------------------------
t <= have expected false here
(1 row)
Not how it works, see default privileges, namely for “public”.
(postgres@[local]:55042)[postgres]> REVOKE CONNECT ON DATABASE db01 FROM user01;
REVOKE
(postgres@[local]:55042)[postgres]> SELECT has_database_privilege(' user01', 'db01', 'connect');
has_database_privilege
------------------------
t <= have expected false here even more after the revoke statement
(1 row)
Or do I have some misunderstanding in regards of how it should work?
The privilege being found is inherited, you revoked a non-existent grant which doesn’t do anything. You need to revoke the privilege being inherited, from “public”.
David J.