From: | Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: default privileges |
Date: | 2010-04-03 23:56:49 |
Message-ID: | s2q3073cc9b1004031656rb12d8438l7413a7d9811903cb@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Sat, Apr 3, 2010 at 5:27 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> I wrote:
>> Yeah. The problem here is that once you've created an entry in
>> pg_default_acl, there is no way to make it go away.
>
> Actually that's not true: you can get rid of it with DROP OWNED BY.
> This fact is even documented in the ALTER DEFAULT PRIVILEGES manual
> page:
>
> If you wish to drop a role that has had its global default
> privileges altered, it is necessary to use DROP OWNED BY first,
> to get rid of the default privileges entry for the role.
>
ah! i obviously didn't read the manual in detail :)
> Not sure if this is good enough or we need to provide some more-obvious
> way of dealing with it.
>
it's strange that a REVOKE doesn't clean what a GRANT did, and DROP
OWNED BY seems very dangerous (at least if i forgot to make REASSIGN
OWNED first).
we can let it as it is, but at least we can add a HINT for use DROP
OWNED BY having execute REASSIGN OWNED first...
or we can make what seems more reasonable, make the REVOKE clean the mess :)
if you prefer the second way i can try to prepare a patch
--
Atentamente,
Jaime Casanova
Soporte y capacitación de PostgreSQL
Asesoría y desarrollo de sistemas
Guayaquil - Ecuador
Cel. +59387171157
From | Date | Subject | |
---|---|---|---|
Next Message | Jaime Casanova | 2010-04-04 05:39:02 | "pg_stat_tmp/pgstat.stat": Stale NFS file handle |
Previous Message | Tom Lane | 2010-04-03 21:27:47 | Re: default privileges |