BUG #15281: Set role does not affect superuser privileges
From | PG Bug reporting form |
---|---|
Subject | BUG #15281: Set role does not affect superuser privileges |
Date | |
Msg-id | 153175290278.1396.6851104739737410645@wrigleys.postgresql.org |
Responses | Re: BUG #15281: Set role does not affect superuser privileges |
List | pgsql-bugs |
The following bug has been logged on the website:

Bug reference: 15281
Logged by: Michal Wozny
Email address: torcher999@gmail.com
PostgreSQL version: 10.4
Operating system: Windows Server 2012 R2
Description:

Here are the two scenarios I tested:

1) as a session_user: superuser and current_user: non-superuser I can edit others' tables
2) as a session_user: non-superuser and current_user: superuser I cannot edit others' tables

The documentation contradicts 1) explicitly, 2) implicitly:
"when a superuser chooses to SET ROLE to a non-superuser role, they lose their superuser privileges."
Source: https://www.postgresql.org/docs/current/static/sql-set-role.html

Steps to reproduce:

Preconditions:
create two non-superusers [user1, user2]
create one superuser [user0]
grant user0 to user1
create a table [u2_tab] with owner user2

1)
disconnect
connect as user0
set role user1
rename u2_tab
expected: cannot rename u2_tab
actual: can rename u2_tab

2)
disconnect
connect as user1
set role user0
rename u2_tab
expected: can rename u2_tab
actual: cannot rename u2_tab

SQL steps:

Preconditions:
CREATE USER user0 WITH SUPERUSER
CREATE USER user1
GRANT user0 to user1
CREATE USER user2
CREATE TABLE public.u2_tab
ALTER TABLE public.u2_tab OWNER TO user2

1)
DISCONNECT
CONNECT TO db AS user0
SET ROLE user1
ALTER TABLE public.u2_tab RENAME TO u2_tab1

2)
DISCONNECT
CONNECT TO db AS user1
SET ROLE user0
ALTER TABLE public.u2_tab1 RENAME TO u2_tab2
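A psql script for checking the effective identity in both scenarios from the report, as an added example that is not part of the original message. It assumes a scratch database and a psql session connected as a superuser; `SET SESSION AUTHORIZATION` is used here as a stand-in for disconnecting and reconnecting as each role, and each scenario runs in a transaction that is rolled back so the table name stays the same.

```sql
-- Added example, not the reporter's script.
-- Assumption: run in a scratch database from a superuser psql session.
CREATE USER user0 WITH SUPERUSER;
CREATE USER user1;
CREATE USER user2;
GRANT user0 TO user1;
CREATE TABLE public.u2_tab ();
ALTER TABLE public.u2_tab OWNER TO user2;

-- Scenario 1: session_user is a superuser, current_user is not.
BEGIN;
SET SESSION AUTHORIZATION user0;   -- stands in for "connect as user0"
SET ROLE user1;
SELECT session_user, current_user,
       current_setting('is_superuser') AS is_superuser,
       (SELECT rolsuper FROM pg_roles
         WHERE rolname = current_user) AS rolsuper,
       pg_has_role('user2', 'USAGE') AS has_privs_of_owner;
ALTER TABLE public.u2_tab RENAME TO u2_tab1;
ROLLBACK;  -- undoes the rename (if it happened) and both SET commands

-- Scenario 2: session_user is not a superuser, current_user is.
BEGIN;
SET SESSION AUTHORIZATION user1;   -- stands in for "connect as user1"
SET ROLE user0;                    -- allowed because user1 is a member of user0
SELECT session_user, current_user,
       current_setting('is_superuser') AS is_superuser,
       (SELECT rolsuper FROM pg_roles
         WHERE rolname = current_user) AS rolsuper,
       pg_has_role('user2', 'USAGE') AS has_privs_of_owner;
ALTER TABLE public.u2_tab RENAME TO u2_tab1;
ROLLBACK;

-- Clean up the scratch objects.
DROP TABLE public.u2_tab;
DROP USER user1, user2, user0;
```

Privilege checks are made against `current_user`, so the row printed before each `ALTER TABLE` is the one to compare with that statement's outcome. If a client tool shows a different `current_user` than expected at that point, the tool has changed or reset the role between statements.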