Lists: | pgsql-hackers |
---|
From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Weird Grant/Revoke/Usage behavior |
Date: | 2005-12-02 05:04:18 |
Message-ID: | 438FD5D2.6070202@commandprompt.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
Hello,
The below seems incorrect. If I am in the schema the behavior seems
correct. I can't see or select from the table.
However if I am not in the schema I am able to see the table and its
structure. The user jd is not a superuser.
cleancontact=# revoke usage on schema financials from jd;
REVOKE
cleancontact=# \c cleancontact jd
You are now connected to database "cleancontact" as user "jd".
cleancontact=> \d financials.foo
Table "financials.foo"
Column | Type | Modifiers
--------+--------+---------------------------------------------------------
id | bigint | not null default nextval('financials.foo_id_seq'::text)
fname | text |
Indexes:
"foo_pkey" PRIMARY KEY, btree (id)
cleancontact=> set search_path='financials';
SET
cleancontact=> \d
No relations found.
cleancontact=> \d foo
Did not find any relation named "foo".
cleancontact=>
From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Weird Grant/Revoke/Usage behavior |
Date: | 2005-12-06 20:29:39 |
Message-ID: | 200512062029.jB6KTdb02915@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
Can someone comment on this?
---------------------------------------------------------------------------
Joshua D. Drake wrote:
> Hello,
>
> The below seems incorrect. If I am in the schema the behavior seems
> correct. I can't see or select from the table.
> However if I am not in the schema I am able to see the table and its
> structure. The user jd is not a superuser.
>
> cleancontact=# revoke usage on schema financials from jd;
> REVOKE
> cleancontact=# \c cleancontact jd
> You are now connected to database "cleancontact" as user "jd".
> cleancontact=> \d financials.foo
> Table "financials.foo"
> Column | Type | Modifiers
> --------+--------+---------------------------------------------------------
> id | bigint | not null default nextval('financials.foo_id_seq'::text)
> fname | text |
> Indexes:
> "foo_pkey" PRIMARY KEY, btree (id)
>
> cleancontact=> set search_path='financials';
> SET
> cleancontact=> \d
> No relations found.
> cleancontact=> \d foo
> Did not find any relation named "foo".
> cleancontact=>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Weird Grant/Revoke/Usage behavior |
Date: | 2005-12-06 21:11:59 |
Message-ID: | 16351.1133903519@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Can someone comment on this?
It's operating as designed. Schemas you don't have USAGE privilege on
are ignored if listed in your search path.
regards, tom lane