Re: Strange Grant behavior in postgres 8.3

Schwaighofer Clemens wrote:
> Version:
> PostgreSQL 8.3.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real(Debian 4.3.2-1) 4.3.2
>
> I have a DB "foo" created and owned by postgres.
>
> No I created another role called "bar" and with the user postgres in
> the db foo I did:
>
> #> grant all on foo to bar;

That statement is wrong.
It should be:

GRANT ALL ON DATABASE foo TO bar;

> when I select from pg_database I can see the correct line
>
> bar=CTc/postgres for the db foo
>
> I login with user bar to foo
>
> $ psql -U bar -h localhost foo
>
> but I cannot select anything from any table.

That is ok, because you have no permissions on schemata and tables.

> Now the strange part.
>
> I grant to one table only a all privileges
> #> grant all on table nodes to bar
>
> $> \z nodes
> Schema | Name | Type | Access privileges
> --------+-------+-------+---------------------------------------------------
> public | nodes | table | {postgres=arwdxt/postgres,foo=arwdxt/postgres}

That is very strange, because the user in your example is "bar" and not "foo".

> and then the user bar could read from all tables.

That is unlikely.

> What am I doing wrong? Or where can I look if I missed something

It seems that some of your statements or results are different
from what actually happened.

Try to reproduce it with a new clean database, and then copy and
paste what you did and what results you got so that we can reproduce
the behaviour.

Yours,
Laurenz Albe