Re: "with grant option" for user groups.
| От | Peter Eisentraut |
|---|---|
| Тема | Re: "with grant option" for user groups. |
| Дата | |
| Msg-id | 200401091856.03988.peter_e@gmx.net обсуждение исходный текст |
| Ответ на | Re: "with grant option" for user groups. (Potuganti Ramu <ramup@aztec.soft.net>) |
| Список | pgsql-hackers |
Potuganti Ramu wrote: > Scenario 1: > =========== > User A grants privilege to group B with grant option. > User C who is in group B grants privilege to user D > > If super user removes the user C from the group, then who is the > grantee for the user D? And who can revoke revoke the privileges from > user D? The privileges should be revoked from user D automatically in the same step that removes the user C from the group. > Scenario 2: > =========== > User A grants privilege to group 'B' and 'Z' with grant option. > User C who is in group 'B' and 'Z' grants privilege to user D. > > If user C removed from the group 'B' then who will be the grantee for > user 'D'? And who can revoke revoke the privileges from user D? In strict SQL only one role can be active at one time, so there is no problem. If we didn't want to use that restriction, we'd need to think of something else. > If user C is removed from both the groups then who will be the > grantee for the user? And who can revoke revoke the privileges from > user D? See your scenario 1 above.
В списке pgsql-hackers по дате отправления: