From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Bruno Wolff III <bruno(at)wolff(dot)to>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [PATCHES] Users/Groups -> Roles |
Date: | 2005-06-29 00:23:04 |
Message-ID: | 20050629002304.GT24207@ns.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-patches |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > * Bruno Wolff III (bruno(at)wolff(dot)to) wrote:
> >> Creating objects in particular schemas or databases is not something that
> >> all roles may be able to do.
>
> > Yeah, I'm not entirely sure what I think about this issue.
>
> We have a precedent, which is that RENAME checks for create rights.
Ah, ok. Precedent is good.
> If you want to lean on the argument that this is just a shortcut for
> dropping the object and then recreating it somewhere else, then you
> need (a) the right to drop the object --- which is inherent in being
> the old owner, and (b) the right to create the new object, which means
> that (b1) you can become the role you wish to have owning the object,
> and (b2) *as that role* you would have the rights needed to create the
> object.
>
> Stephen's original analysis covers (a) and (b1) but not (b2). With (b2)
> I'd agree that it's just a useful shortcut.
Right. Ok, I'll develop a patch which covers (a), (b1) and (b2). I'll
also go through all of the superuser() calls in src/backend/commands/
and check for other places we may need *_ownercheck calls.
I expect to have the patch done either tonight or tommorow.
Thanks,
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Jim C. Nasby | 2005-06-29 00:23:49 | Re: [HACKERS] Problem with dblink regression test - FIXED |
Previous Message | Bruce Momjian | 2005-06-29 00:12:16 | Re: CVS pg_config --includedir-server broken |
From | Date | Subject | |
---|---|---|---|
Next Message | Jim C. Nasby | 2005-06-29 00:23:49 | Re: [HACKERS] Problem with dblink regression test - FIXED |
Previous Message | Bruce Momjian | 2005-06-28 23:14:41 | Re: COPY FROM performance improvements |