Re: GRANT & DROP

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Gavin M(dot) Roy" <gmr(at)readysetnet(dot)com>
Cc: pgsql list <pgsql-admin(at)postgresql(dot)org>
Subject: Re: GRANT & DROP
Date: 2001-01-08 22:22:53
Message-ID: 19570.978992573@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

"Gavin M. Roy" <gmr(at)readysetnet(dot)com> writes:
> I am looking at the grant command and see it covers alot of
> important things, but the one I am most interested is DROP TABLE and I
> don't see it, nor ALTER. Does DELETE cover DROP as well?

I believe DROP and ALTER rights are determined by ownership, nothing
else. Ditto rights to do GRANT/REVOKE. (The permissions capabilities
in Postgres badly need redesign, since they're nowhere close to what
the SQL spec calls for, but that's what we have at the moment.)

My two cents: any table that you want to be reasonably secure should be
owned by an "admin" sort of user that is not used for normal database
operations. The admin user should grant appropriate permissions to the
userid(s) that are used for routine work.

It's probably good if the admin user is not the superuser, too.
The routine-work users had better not be superuser, else they will
bypass all the permissions checks anyway.

regards, tom lane

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Anthony E . Greene 2001-01-08 23:20:33 Re: GRANT & DROP
Previous Message Gavin M. Roy 2001-01-08 20:09:12 GRANT & DROP