| From: | Jorge Torralba <jorge(dot)torralba(at)gmail(dot)com> |
|---|---|
| To: | "[ADMIN]" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Issues with privileges carrying over after alter table owner |
| Date: | 2019-05-01 21:50:04 |
| Message-ID: | CACut7uQj7fB-pSjbtwb1DBcakUG5VOtmcPeeOf-87MbyLdkKFg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
we have added some default users to the template1 db so we can grant ro and
rw privs as needed per owner.
For example
If I create table "yyy" as a special user with a set of privileges, the
grantee and gantor data from thopse privs are there.
jorge_dev=# select * from information_schema.table_privileges where
table_name = 'yyy';
grantor | grantee | table_catalog | table_schema | table_name |
privilege_type | is_grantable | with_hierarchy
-----------+------------+---------------+--------------+------------+----------------+--------------+----------------
migration | read_write | jorge_dev | public | yyy |
INSERT | NO | NO
migration | read_write | jorge_dev | public | yyy |
SELECT | NO | YES
migration | read_write | jorge_dev | public | yyy |
UPDATE | NO | NO
migration | read_write | jorge_dev | public | yyy |
DELETE | NO | NO
migration | read_only | jorge_dev | public | yyy |
SELECT | NO | YES
migration | migration | jorge_dev | public | yyy |
INSERT | YES | NO
migration | migration | jorge_dev | public | yyy |
SELECT | YES | YES
migration | migration | jorge_dev | public | yyy |
UPDATE | YES | NO
migration | migration | jorge_dev | public | yyy |
DELETE | YES | NO
migration | migration | jorge_dev | public | yyy |
TRUNCATE | YES | NO
migration | migration | jorge_dev | public | yyy |
REFERENCES | YES | NO
migration | migration | jorge_dev | public | yyy |
TRIGGER | YES | NO
(12 rows)
jorge_dev=#
If I create table 'xxx' as a different user, then alter the table owner the
grantor and grantee information is not carried over.
For example, this is a table created under a different user than altered to
owner migration
jorge_dev=# select * from information_schema.table_privileges where
table_name = 'xxx';
grantor | grantee | table_catalog | table_schema | table_name |
privilege_type | is_grantable | with_hierarchy
-----------+-----------+---------------+--------------+------------+----------------+--------------+----------------
migration | migration | jorge_dev | public | xxx |
INSERT | YES | NO
migration | migration | jorge_dev | public | xxx |
SELECT | YES | YES
migration | migration | jorge_dev | public | xxx |
UPDATE | YES | NO
migration | migration | jorge_dev | public | xxx |
DELETE | YES | NO
migration | migration | jorge_dev | public | xxx |
TRUNCATE | YES | NO
migration | migration | jorge_dev | public | xxx |
REFERENCES | YES | NO
migration | migration | jorge_dev | public | xxx |
TRIGGER | YES | NO
(7 rows)
How can we get all the privileges and grants inherited when a table owner
is altered ?
--
Thanks,
Jorge Torralba
----------------------------
Note: This communication may contain privileged or other confidential
information. If you are not the intended recipient, please do not print,
copy, retransmit, disseminate or otherwise use the information. Please
indicate to the sender that you have received this email in error and
delete the copy you received. Thank You.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | pavan95 | 2019-05-02 13:19:32 | Error while performing Vacuum |
| Previous Message | Rui DeSousa | 2019-04-30 21:28:55 | Re: admin control over cancelling autovacuum when blocked by a lock |