Re: [ADMIN] Permissions not removed when group dropped
| От | Alvaro Herrera |
|---|---|
| Тема | Re: [ADMIN] Permissions not removed when group dropped |
| Дата | |
| Msg-id | 20050516040431.GA9147@surnet.cl обсуждение исходный текст |
| Ответ на | Re: [ADMIN] Permissions not removed when group dropped (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Sun, May 15, 2005 at 05:48:56PM -0400, Tom Lane wrote: > Alvaro Herrera <alvherre@surnet.cl> writes: > > Additionally we need to think what should happen if the user is the > > grantor of some privilege. I think we should warn in RESTRICT mode, and > > in CASCADE, revoke the privilege from the grantee. > > You mean "fail in RESTRICT mode", no? Yes, with a message indicating what happened. > > Hmm. We could implement something like "DROP USER LOCALLY [CASCADE | > > RESTRICT]", which would be a very misleading name for operations 2-4 > > above. Additionally, if the user doesn't have references in other > > databases, drop the user itself. (Note it's inconsistent.) > > I'd go for something more like "DROP OWNED OBJECTS", which'd be just > the stuff internal to the current database (owned objects and ACL > entries). You don't need to drop group memberships per-database. Ok. -- Alvaro Herrera (<alvherre[a]surnet.cl>) "Find a bug in a program, and fix it, and the program will work today. Show the program how to find and fix a bug, and the program will work forever" (Oliver Silfridge)
В списке pgsql-hackers по дате отправления: