Re: [HACKERS] drop user doesn't remove rights from tables ...
| От | Bruce Momjian |
|---|---|
| Тема | Re: [HACKERS] drop user doesn't remove rights from tables ... |
| Дата | |
| Msg-id | 199907071832.OAA05876@candle.pha.pa.us обсуждение исходный текст |
| Ответ на | drop user doesn't remove rights from tables ... (David Sauer <davids@orfinet.cz>) |
| Список | pgsql-hackers |
> david=> create user sss;
> CREATE USER
> david=> select * from pg_shadow;
> usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd|valuntil
> --------+--------+-----------+--------+--------+---------+------+----------------------------
> postgres| 502|t |t |t |t | |Sat Jan 31 07:00:00 2037 CET
> david | 501|t |t |t |t | |
> sss | 503|f |t |f |t | |
> (3 rows)
>
> david=> create table test ( i int );
> CREATE
> david=> grant all on test to sss;
> CHANGE
> david=> \z test
> Database = david
> +----------+--------------------------+
> | Relation | Grant/Revoke Permissions |
> +----------+--------------------------+
> | test | {"=","sss=arwR"} |
> +----------+--------------------------+
> david=> drop user sss;
> DROP USER
> david=> \z test
> Database = david
> +----------+--------------------------+
> | Relation | Grant/Revoke Permissions |
> +----------+--------------------------+
> | test | {"=","503=arwR"} |
> +----------+--------------------------+
>
>
> All rights for user 'sss' remains there (but now identified by
> id=503). I'am not sure, if this is error, but it is dangerous.
> ('createuser' with id=503 will grant all rights to new user)
This has been pointed out before. Not sure how to deal with it.
-- Bruce Momjian | http://www.op.net/~candle maillist@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026
В списке pgsql-hackers по дате отправления: