| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Potuganti Ramu <ramup(at)aztec(dot)soft(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: "with grant option" for user groups. |
| Date: | 2004-01-09 17:56:03 |
| Message-ID: | 200401091856.03988.peter_e@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Potuganti Ramu wrote:
> Scenario 1:
> ===========
> User A grants privilege to group B with grant option.
> User C who is in group B grants privilege to user D
>
> If super user removes the user C from the group, then who is the
> grantee for the user D? And who can revoke revoke the privileges from
> user D?
The privileges should be revoked from user D automatically in the same
step that removes the user C from the group.
> Scenario 2:
> ===========
> User A grants privilege to group 'B' and 'Z' with grant option.
> User C who is in group 'B' and 'Z' grants privilege to user D.
>
> If user C removed from the group 'B' then who will be the grantee for
> user 'D'? And who can revoke revoke the privileges from user D?
In strict SQL only one role can be active at one time, so there is no
problem. If we didn't want to use that restriction, we'd need to think
of something else.
> If user C is removed from both the groups then who will be the
> grantee for the user? And who can revoke revoke the privileges from
> user D?
See your scenario 1 above.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2004-01-09 18:46:01 | Encoding problems in PostgreSQL with XML data |
| Previous Message | Tom Lane | 2004-01-09 15:59:33 | Re: Translations in the distributions |