From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Gevik Babakhani <pgdev(at)xs4all(dot)nl> |
Cc: | Alvaro Herrera <alvherre(at)commandprompt(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Please advice TODO Item pg_hba.conf |
Date: | 2006-04-23 23:14:29 |
Message-ID: | 18744.1145834069@sss.pgh.pa.us |
Lists: | pgsql-hackers |

Gevik Babakhani <pgdev(at)xs4all(dot)nl> writes:
> On Sun, 2006-04-23 at 17:06 -0400, Alvaro Herrera wrote:
>> If I'm not mistaken, the general principle for creating objects is to leave
>> their ACLs as NULLs.

> Personally I think this would create a conflict only in case of the
> CONNECT privilege. If the ACL is NULL and we treat NULL as default and
> the CONNECT privilege is part of default privileges then how do we
> distinguish between someone NOT HAVING THE CONNECT PRIVILEGE to connect
> to a certain database.

You're not following Alvaro's point. The code's behavior is that a NULL
ACL is interpreted as being the default ACL for the object type.
Whether people would be allowed to connect would depend on what we set
as the default privilege state for the CONNECT privilege. But since
we are going to grant it to PUBLIC by default (no, that's not open to
debate), people will succeed in connecting to a database with NULL ACL.
That's just like they can succeed in creating schemas in a database with
NULL ACL today.

Revoking privileges from an object with NULL ACL doesn't leave it NULL
(try it and see, preferably on an object where the default privileges
include some for PUBLIC --- databases or functions will do).

regards, tom lane
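
The "try it and see" experiment from the message above, written out for psql as an added example that is not part of the original email. It assumes a current PostgreSQL release (for `acldefault()` and the CONNECT privilege) with no `ALTER DEFAULT PRIVILEGES` in effect for functions; `acl_demo` is a hypothetical scratch function, and the transaction is rolled back so nothing is left behind.

```sql
-- Added illustration; acl_demo is a hypothetical scratch function.
BEGIN;

CREATE FUNCTION acl_demo() RETURNS int LANGUAGE sql AS 'SELECT 1';

-- 1. Fresh object: compare the stored ACL with the built-in default that a
--    NULL ACL stands for, and check what PUBLIC can do under it.
SELECT p.proacl                    AS stored_acl,
       acldefault('f', p.proowner) AS default_acl,
       has_function_privilege('public'::name, p.oid, 'EXECUTE')
                                   AS public_can_execute
FROM pg_proc p
WHERE p.oid = 'acl_demo()'::regprocedure;

-- 2. Revoke the one privilege PUBLIC gets by default on functions.
REVOKE EXECUTE ON FUNCTION acl_demo() FROM PUBLIC;

-- 3. Same query again: the stored ACL is no longer NULL, because the default
--    was written out explicitly with PUBLIC's entry taken away.
SELECT p.proacl                    AS stored_acl,
       acldefault('f', p.proowner) AS default_acl,
       has_function_privilege('public'::name, p.oid, 'EXECUTE')
                                   AS public_can_execute
FROM pg_proc p
WHERE p.oid = 'acl_demo()'::regprocedure;

-- 4. The same reasoning applied to databases: a NULL datacl does not mean
--    "no privileges", so audit the effective answer rather than the column.
SELECT d.datname,
       d.datacl IS NULL AS acl_is_null,
       has_database_privilege('public'::name, d.oid, 'CONNECT')
                        AS public_can_connect
FROM pg_database d
ORDER BY d.datname;

ROLLBACK;
```

Rows in the last query with `acl_is_null` true and `public_can_connect` true are databases still on the default ACL; an explicit `REVOKE CONNECT ON DATABASE ... FROM PUBLIC` is what changes that.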