| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Durumdara <durumdara(at)gmail(dot)com> |
| Cc: | Charles Clavadetscher <clavadetscher(at)swisspug(dot)org>, Postgres General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Remove default privilege from DB |
| Date: | 2018-02-16 15:18:21 |
| Message-ID: | CAKFQuwZua8+4ww+HJ1kTUw=ZSBxrsFxoKauxVGhwWRKtDgVouA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Feb 16, 2018 at 7:56 AM, Durumdara <durumdara(at)gmail(dot)com> wrote:
> I want to know what happened in the background.
> I will make "negative" state if I revoke DefACL without prior grant?
>
Not really following the whole thread but figured I'm comment on this
point that confused me in the past as well.
Not sure if this is what you mean but there is no concept of "negative
state" in the permissions system. Everything starts out with no
permissions. Grant adds permissions and revoke un-adds granted
permissions. Revoking something that doesn't exist is either a no-op or a
warning depending on the context - either way its doesn't setup a
"forbidden" state for the permission.
Revoking/granting on default ACLs never affects already existing objects.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2018-02-16 15:35:28 | Re: Remove default privilege from DB |
| Previous Message | Durumdara | 2018-02-16 14:56:58 | Re: Remove default privilege from DB |