Re: 8.1 release notes
| От | Stephen Frost |
|---|---|
| Тема | Re: 8.1 release notes |
| Дата | |
| Msg-id | 20050823202626.GK6026@ns.snowman.net обсуждение исходный текст |
| Ответ на | 8.1 release notes (Bruce Momjian <pgman@candle.pha.pa.us>) |
| Ответы |
Re: 8.1 release notes
|
| Список | pgsql-hackers |
* Bruce Momjian (pgman@candle.pha.pa.us) wrote: > http://candle.pha.pa.us/main/writings/pgsql/sgml/release.html#RELEASE-8-1 Regarding E.1.3.4 (Object Manipulation Changes): --------- Allow ALTER OWNER commands to be performed by the object owner as well as the superuser (Stephen Frost) Prior releases only allowed super-user to change object owners, even if the current owner was executing the command and the new owner have permission to create objects of that type. --------- This isn't *quite* right and implies an ability some might frown upon ("giving away" objects) that isn't actually allowed by my changes. How about: --------- Allow ALTER OWNER commands to be performed by the object owner (Stephen Frost) Prior releases only allowed a single user to own an object. With the addition of role support (where a role can own an object and that role can have members) it's now possible for multiple users to have ownership rights on a given object. ALTER OWNER has been updated to allow changing the ownership of an object when the user has ownership rights on the object, is in the new owner role, and the new owner role has the right to create the object. --------- Unfortunately, though there was some discussion on it, it seems that the new owner role must have rights to create the object even if the user doing the ALTER OWNER owns the schema/db in question. This means a user would have to first grant create privileges to the unpriviledged role, change the ownership to that role, and then reokve the create privileges. This also means that a number of explicit 'superuser()' checks were added after I had worked to minimize them. I'd still like to see the explicit superuser() checks removed in favor of checking schema ownership but I'm guessing it's too late for that now. Perhaps after 8.1 is released we'll get some conversation regarding these kinds of things which goes beyond just Tom and I. I don't mind discussing it with Tom but it'd be nice to get some fresh viewpoints on the subject and eventually "I think it's better", "I don't like it" gets kind of boring and can be difficult to work past (well, except he has commit access and I don't... ;). Thanks, Stephen
В списке pgsql-hackers по дате отправления: