| From: | Martin Renters <martin(at)datafax(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Martin Renters <martin(at)datafax(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: bug in permission handling? |
| Date: | 2002-01-14 16:12:48 |
| Message-ID: | 20020114111248.A11077@aspen.datafax.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Jan 14, 2002 at 10:29:01AM -0500, Tom Lane wrote:
> Martin Renters <martin(at)datafax(dot)com> writes:
> > Should the permissions of a deleted user get assigned to a new user
> > as in the example below?
>
> That can happen, since the default "usesysid" assignment is "max
> existing usesysid + 1". If you delete the last user then their sysid
> becomes a candidate for reassignment. This is not real good, but fixing
> it isn't that high on the priority list (and is difficult to do unless
> we take away the option of hand-assigned sysids ... otherwise we could
> just have a sequence generator for sysids).
Isn't it possible for PostgreSQL to delete permissions on tables when a
user gets deleted? It seems to be a bit of a security issue when a new
user suddenly inherits permissions he shouldn't have.
Martin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2002-01-14 16:15:06 | Re: bug in permission handling? |
| Previous Message | Zeugswetter Andreas SB SD | 2002-01-14 16:02:44 | Re: 7.1 vs. 7.2 on AIX 5L |