| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Alexander Kukushkin <cyberdemn(at)gmail(dot)com> |
| Cc: | Kirill Reshke <reshkekirill(at)gmail(dot)com>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: Superuser can't revoke role granted by non-superuser |
| Date: | 2025-01-27 14:43:13 |
| Message-ID: | 391919.1737988993@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Alexander Kukushkin <cyberdemn(at)gmail(dot)com> writes:
> E.g. superuser is supposed to use "revoke bb from aa granted by b"
Exactly. This is not a bug, you just did not correctly name the
privilege you're trying to revoke.
If memory serves, the default behavior for a superuser is that
we'll revoke the privilege as granted by the object owner, since
that's the most common case. For everyone else, the default
assumption about "granted by" is "yourself". Some edge cases
about this might have changed in v16, not sure.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Victor Castro Amigo | 2025-01-27 14:55:39 | PostgreSQL 17.2 servers crashing due to segmentation faults on query execution |
| Previous Message | Alexander Kukushkin | 2025-01-27 10:13:47 | Re: Superuser can't revoke role granted by non-superuser |