Re: "with grant option" for user groups.

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Potuganti Ramu <ramup(at)aztec(dot)soft(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: "with grant option" for user groups.
Date: 2004-01-09 14:41:19
Message-ID: 200401091541.19984.peter_e@gmx.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

> Following statement says that "with grant option" is not allowed to a user
> group. I would like to know what the reasons behind not implementing
> this kind of feature.

Consider the following sequence of steps:

in database 1:
user A grants privilege to group B with grant option
user C who is in group B grants privilege to user D

in database 2:
superuser removes user C from group B

--> user D still has the privilege, because superuser doesn't have access to
database 1 from his session

If you can live with this problem, then you can remove the check from the
source code and it should work.

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2004-01-09 14:51:56 Re: Translations in the distributions
Previous Message Potuganti Ramu 2004-01-09 14:14:03 "with grant option" for user groups.