| From: | Alexander Korotkov <a(dot)korotkov(at)postgrespro(dot)ru> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Add TOAST to system tables with ACL? |
| Date: | 2017-10-04 09:15:29 |
| Message-ID: | CAPpHfdtxTS4Zs1G+YZ-ZP69rgBi8n1FmeFfHaMc=LONq0NU7bQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Oct 3, 2017 at 9:19 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> For pg_database, you'd have to make sure that the startup-time check of
> database CONNECT privilege still works if the ACL's been pushed out of
> line.
>
I've tried this case.
At first, make database temp with no connect privilege from public and
10000 users.
create database temp;
revoke connect on database temp from public;
\copy (select 'create user u' || i || ';' from generate_series(1,10000) i)
to 'script.sql'
\i script.sql
I've checked that user u10000 can't login to database temp.
$ psql temp -U u10000
psql: FATAL: permission denied for database "temp"
DETAIL: User does not have CONNECT privilege.
Than I grant connect privilege to all that 10000 users.
\copy (select 'grant connect on database temp to u' || i || ';' from
generate_series(1,10000) i) to 'script.sql'
\i script.sql
Then user u10000 can login successfully.
$ psql temp -U u10000
psql (11devel)
Type "help" for help.
u10000(at)temp=#
Thus, in this simple case database CONNECT privilege works with out-of-line
ACL for me.
------
Alexander Korotkov
Postgres Professional: http://www.postgrespro.com
The Russian Postgres Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2017-10-04 09:24:01 | Re: list of credits for release notes |
| Previous Message | Ants Aasma | 2017-10-04 08:56:47 | Re: JIT compiling - v4.0 |