Re: Weird table permission stuff.

GH <grasshacker@over-yonder.net> writes:
> The owner of the database and table may run rampant on any tables that
> have *no* permissions granted. On tables with permissions granted to
> anyone other than the owner, access is refused to anyone except the
> owner. Er, that is supposed to happen, correct?

There is a bug there, but your description doesn't seem to quite match.

The initial default behavior, when the table's ACL is null, is full
access for table owner, no access for anyone else.  (Superusers get
a free pass at all times, of course, so let's ignore them.)  Now you
would think that an explicit GRANT or REVOKE would modify the behavior
starting from that initial default.  Unfortunately, in 7.0 (and possibly
prior releases, haven't checked), as soon as you do an explicit GRANT or
REVOKE, it forgets about the "full access for table owner" part of the
default and you end up with no access except that explicitly GRANTed.
So you then have to do an explicit GRANT of all rights to yourself
in order to get back to where you were.  (Fortunately, you cannot lose
the right to do GRANT/REVOKE --- that's based on ownership not
permission bits --- or this'd be a real catch-22.  As is, it's only
an annoyance.)

This misbehavior is fixed in current sources for 7.1.  However, if
you've described what you're seeing accurately, maybe there's another
bug in there that I'm not aware of... please give a specific example.

            regards, tom lane