From: | Joseph Koshakow <koshy44(at)gmail(dot)com> |
---|---|
To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Missing warning on revokes with grant options |
Date: | 2023-05-19 17:22:12 |
Message-ID: | CAAvxfHen_fBZQw7BfRmN-4=Es1tb1Ah=kGLLM_7mcXo8a0up8A@mail.gmail.com |
Lists: | pgsql-hackers |

Sorry for the multiple consecutive emails. I just came across this
comment that explains the current behavior in restrict_and_check_grant:

/*
 * Restrict the operation to what we can actually grant or revoke, and
 * issue a warning if appropriate. (For REVOKE this isn't quite what the
 * spec says to do: the spec seems to want a warning only if no privilege
 * bits actually change in the ACL. In practice that behavior seems much
 * too noisy, as well as inconsistent with the GRANT case.)
 */

However, I still think the current behavior is a bit strange since
holding a grant option is not directly required to issue a revoke.
Perhaps for revoke the logic should be:

- for each specified privilege:
  - if the set of acl items on the specified object that includes
    this privilege is non empty
  - and none of those acl items have the current role as the
    grantor
  - then issue a warning.

Thanks,
Joe Koshakow
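
The revoke rule listed in the message above, written out as an added example; it is not part of the original email and is not PostgreSQL's code. The `demo_*` types, the `DEMO_*` privilege bits, the role numbers and the sample ACL are assumptions made for illustration, and the rule is applied as listed, over every ACL item on the object.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not PostgreSQL's AclItem/AclMode. */
typedef uint32_t demo_role;
typedef uint32_t demo_privs;
#define DEMO_SELECT (1u << 0)
#define DEMO_INSERT (1u << 1)
#define DEMO_UPDATE (1u << 2)

typedef struct {
    demo_role  grantee;
    demo_role  grantor;
    demo_privs privs;       /* privileges this item grants */
} demo_aclitem;

/*
 * Subset of 'requested' for which the listed rule would warn: at least one
 * ACL item carries the privilege, and no item carrying it has
 * 'current_role' as its grantor.
 */
demo_privs
revoke_warn_mask(const demo_aclitem *acl, size_t n,
                 demo_role current_role, demo_privs requested)
{
    demo_privs present = 0; /* privileges found in any ACL item */
    demo_privs mine = 0;    /* privileges granted by current_role */

    for (size_t i = 0; i < n; i++) {
        present |= acl[i].privs;
        if (acl[i].grantor == current_role)
            mine |= acl[i].privs;
    }
    return requested & present & ~mine;
}

/* Constructed sample: role 10 granted SELECT to 20; role 11 granted
 * INSERT to 20 and SELECT to 21; no item carries UPDATE. */
static const demo_aclitem sample_acl[] = {
    {20, 10, DEMO_SELECT}, {20, 11, DEMO_INSERT}, {21, 11, DEMO_SELECT},
};

int main(void)
{
    demo_privs all = DEMO_SELECT | DEMO_INSERT | DEMO_UPDATE;
    printf("role 10 warns on: 0x%x\n", revoke_warn_mask(sample_acl, 3, 10, all));
    return 0;
}
```

Under this rule a privilege that appears in no ACL item (UPDATE in the sample) produces no warning, because the first condition requires a non-empty set of items.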