Re: BUG #9923: "reassign owned" does not change permissions grantor

On Wed, Apr 9, 2014 at 11:35:09AM +0400, Alexey Bashtanov wrote:
> after a series of tests and source code reading I realized that
> 1) the bug is not fixed in last git repository version

Confirmed.

> 2) the bug could be reproduced on types and foreign servers, maybe
> also on foreign data wrappers, triggers, but not on any other
> objects

Triggers don't have acl lists, but all the others are accurate.

> 3) it does not matter if we assign owner using "reassign owned" or
> using "alter .. owner to ..."

Confirmed.

> 4) there is a problem on revoking such incorrect grants: a
> workaround is to reassign back to old owner, then revoke, than
> reassign once again
> 5) to fix the bug we need to perform aclnewowner call in
> AlterForeignServerOwner_internal and AlterTypeOwner (including the
> typtype == TYPTYPE_COMPOSITE case, cause we pass recursing=true to
> ATExecChangeOwner)
> and maybe in AlterForeignDataWrapperOwner_internal and
> AlterEventTriggerOwner_internal

I can confirm this bug report from April, and your analysis of the fixes
--- we were missing calls to aclnewowner() for types, foreign servers,
and foreign data wrappers, for both REASSIGN and ALTER OWNER TO.

With the attached SQL script you can see the ACL fields properly
changing to match the object owner (attached). Without the patch, only
the table's ACL changes.

The patch also changes the regression output --- I think that is because
the object ownership changes remove certain duplicates from the ACL
list.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ Everyone has their own god. +