| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jeff Davis <pgsql(at)j-davis(dot)com>, pgsql-bugs(at)postgresql(dot)org, mr-russ(at)pws(dot)com(dot)au, Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped) |
| Date: | 2007-05-04 20:54:07 |
| Message-ID: | 20070504205407.GO1504@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
* Alvaro Herrera (alvherre(at)commandprompt(dot)com) wrote:
> Ah, here it is, 12.7 <revoke statement>. It says that if role revokes
> another role from a third role, it will only remove the privileges that
> were granted by him, not someone else.
Hmm. I'm not sure, but that may have been a case where it was generally
decided that the spec was somewhat braindead in this fashion (it seems
so in my personal view of this, honestly...). To issue a revoke and
have it not work would be kind of concerning. If we do end up following
this path we should emit a warning (at least...) if the user still has
the rights which are being revoked, even if through someone else.
Perhaps that also implies that tracking the grantor is unnecessary.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-05-04 21:31:50 | Re: Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped) |
| Previous Message | Alvaro Herrera | 2007-05-04 20:45:02 | Re: Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped) |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-05-04 21:31:50 | Re: Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped) |
| Previous Message | Alvaro Herrera | 2007-05-04 20:45:02 | Re: Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped) |