From: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | torcher999(at)gmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org |
Subject: | Re: BUG #15281: Set role does not affect superuser privleges |
Date: | 2018-07-16 23:26:41 |
Message-ID: | 2e4ecc9f-5302-7017-40aa-7a412b7452da@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On 07/17/2018 12:12 AM, Tom Lane wrote:
> Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com> writes:
>> On 07/16/2018 04:55 PM, PG Bug reporting form wrote:
>>> Here are the two scenarios I tested:
>>> 1) as a session_user: superuser and current_user: non-superuser I can edit
>>> others' tables
>>> 2) as a session_user: non-superuser and current_user: superuser I cannot
>>> edit others' tables
>
>> It's usually a good idea to provide exact scripts / output so that
>> people can reproduce the issue easily. For me it behaves like this:
>> ...
>> So, correct in both cases. I'm not on Windows, but I don't see why would
>> it behave differently there.
>
> Tomas' test left out the "GRANT user0 to user1" bit, but I can't
> reproduce the behavior as described either.
>
Ah, right. Sorry for not mentioning that.
I've actually tried both with and without that GRANT (no effect on
behavior), but I've assumed it's there only to allow the `SET user0`
which I've replaced by connecting directly as user0. So I haven't
included it into the response.
regards
--
Tomas Vondra http://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | PG Bug reporting form | 2018-07-17 15:19:00 | BUG #15282: Materialized view with transitive TYPE dependency fails refresh using pg_restore and psql |
Previous Message | Tom Lane | 2018-07-16 22:12:50 | Re: BUG #15281: Set role does not affect superuser privleges |