| From: | ljb <ljb220(at)mindspring(dot)com> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Users + Groups = Roles, duplicate name issue |
| Date: | 2005-12-21 01:42:14 |
| Message-ID: | doabtl$q00$1@news.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
I loaded a 7.4.x dump into a new 8.1.1 database and found out what happens
if you had the same name as both a user and a group. You can get users with
more rights than they had before. I guess it is too late, but perhaps a
mention in the release text would have been a good idea. Advise people to
rename any group which has the same name as a user.
For example, if at 7.4.x I have:
Group: Is granted all rights to table:
test test_data
acct money_data
Username: Member of group: And therefore gets all rights to table:
ljb test test_data
test acct money_data
After loading the dump into 8.1.1, the test user and test group get merged
into a single role, so the test user gets granted all rights to the test_data
table. In addition, 'ljb' now effectively is a member of the 'acct' group
(via the test role), so is granted all rights to the money_data table.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2005-12-21 05:00:10 | Re: cache lookup failed for type |
| Previous Message | Alvaro Herrera | 2005-12-20 17:03:46 | Re: WITH SYSID feature dropped |