From: | "Dave Held" <dave(dot)held(at)arraysg(dot)com> |
---|---|
To: | <pgsql-admin(at)postgresql(dot)org> |
Subject: | Irrevocable privileges |
Date: | 2005-05-10 22:40:11 |
Message-ID: | 49E94D0CFCD4DB43AFBA928DDD20C8F902618506@asg002.asg.local |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
I think it's silly that any privileges that an owner grants to himself are
essentially irrevocable. It's silly because it makes changing the object
owner pointless. Consider:
User joe creates table foo
User joe grants permission rw to himself on foo
User joe decides that user bob should really be the owner of foo
User joe revokes his permissions, alters foo to be owned by bob,
and gives bob rw privilege
User joe is annoyed to find out that his privileges are in a state of limbo
The only way to fix this is to do a backup/restore. It seems to me
that owner privs should be revokable in a transaction where the owner
is changed to a different user. That way, joe doesn't leave behind a
trail of mess when he decides to change ownership of objects.
__
David B. Held
Software Engineer/Array Services Group
200 14th Ave. East, Sartell, MN 56377
320.534.3637 320.253.7800 800.752.8129
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2005-05-10 23:10:33 | Re: Irrevocable privileges |
Previous Message | DHS Club Webmaster | 2005-05-10 19:39:39 | Re: Many idle processes? |