From: | Simon Riggs <simon(dot)riggs(at)enterprisedb(dot)com> |
---|---|
To: | Isaac Morland <isaac(dot)morland(at)gmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Safety/validity of resetting permissions by updating system tables |
Date: | 2021-01-03 10:57:14 |
Message-ID: | CANbhV-EAYJ50oXpdqpZ-YjDHt2g02VmPnTAo76ioiuZurYKJbQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Fri, Jan 1, 2021 at 7:35 PM Isaac Morland <isaac(dot)morland(at)gmail(dot)com> wrote:
> The use case is to ensure that after doing my GRANTs the permissions are in a known state, no matter what they were before. Typically, one would follow a reset command with some GRANTs. So maybe my permissions script contains:
>
> GRANT UPDATE ON TABLE t1, t2 TO u1, u2;
>
> Later, I revise this to:
>
> GRANT UPDATE ON TABLE t1, t2 TO u1;
>
> But the obsolete permissions will still be available to u2. I would like to be able to put something like this at the top of the permissions script:
>
> RESET PERMISSIONS ON ALL TABLES IN SCHEMA test;
>
> Or in a different context:
>
> RESET PERMISSIONS ON TABLE t1, t2;
>
> Note: I'm not particularly fond of "RESET PERMISSIONS" as the syntax; I just wrote that as an example of what it might look like.
>
> If the tables are newly created this would have no effect; if they were existing tables it would change the permissions to what newly created tables would have.
>
> In the absence of default privileges, I think it's clear that this means setting the acl column (relacl, proacl, ...) to NULL; with default privileges, I think it probably means resetting acl to NULL and then applying the current default privileges as if the object had just been created by its owner. As you point out, it's possible the object never had this privilege set, which is an argument against using the word "reset" in describing the feature. Maybe "GRANT DEFAULT"? But it's weird for GRANT to actually revoke privileges, as it would for most object types.
Exactly what's wrong with "REVOKE ALL ON ALL TABLES IN SCHEMA test" at
the top of your script? You say there is a problem, but don't describe
the precise problem. Can you give a fully worked example so we can
understand how to resolve?
The meaning of GRANT and REVOKE is now defined by SQL Standard, so not
something we can easily change.
--
Simon Riggs http://www.EnterpriseDB.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Noah Misch | 2021-01-03 11:29:55 | Re: pg_upgrade fails with non-standard ACL |
Previous Message | Luc Vlaming | 2021-01-03 10:05:52 | Re: Lazy JIT IR code generation to increase JIT speed with partitions |