| From: | Zoltan Boszormenyi <zb(at)cybertec(dot)at> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | REVOKE CONNECT doesn't work in 8.3.5 |
| Date: | 2008-12-19 12:21:37 |
| Message-ID: | 494B91D1.4070905@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi,
It seems REVOKE CONNECT doesn't work as advertised.
I have "trust" entries in pg_hba.conf because my machine is closed.
I added some PG users, and one of them was used in:
REVOKE CONNECT ON DATABASE zozo FROM hs;
However, user "hs" can happily connect to database "zozo"
despite the REVOKE. Documentation says at
http://www.postgresql.org/docs/8.3/interactive/sql-grant.html :
CONNECT
Allows the user to connect to the specified database.
This privilege is checked at connection startup (in addition to checking
any restrictions imposed by pg_hba.conf).
To me, this means that REVOKE CONNECT is a veto over "trust".
Is it not?
Best regards,
Zoltán Böszörményi
--
Bible has answers for everything. Proofs:
"But let your communication be, Yea, yea; Nay, nay: for whatsoever is more
than these cometh of evil." (Matthew 5:37) - basics of digital technology.
"May your kingdom come" - superstitious description of plate tectonics
----------------------------------
Zoltán Böszörményi
Cybertec Schönig & Schönig GmbH
http://www.postgresql.at/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2008-12-19 12:49:58 | Re: How are locks managed in PG? |
| Previous Message | Reg Me Please | 2008-12-19 11:04:22 | [PGSQL 8.3.5] How to handle FKs with partitioning? |