| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: CATUPDATE confusion? |
| Date: | 2015-02-25 20:39:56 |
| Message-ID: | 20150225203955.GY29780@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Peter Eisentraut (peter_e(at)gmx(dot)net) wrote:
> On 12/29/14 7:16 PM, Adam Brightwell wrote:
> > Given this discussion, I have attached a patch that removes CATUPDATE
> > for review/discussion.
> >
> > One of the interesting behaviors (or perhaps not) is how
> > 'pg_class_aclmask' handles an invalid role id when checking permissions
> > against 'rolsuper' instead of 'rolcatupdate'.
>
> I'd get rid of that whole check, not just replace rolcatupdate by rolsuper.
Err, wouldn't this make it possible to grant normal users the ability to
modify system catalogs? I realize that they wouldn't have that
initially, but I'm not sure we want the superuser to be able to grant
that to non-superusers..
I'm fine with making it "if system table and not superuser, error".
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2015-02-25 20:53:48 | Re: collations in shared catalogs? |
| Previous Message | Josh Berkus | 2015-02-25 20:15:43 | Re: Partitioning WIP patch |