Re: SELECT has_database_privilege('user01', 'db01', 'connect');
| От | David G. Johnston |
|---|---|
| Тема | Re: SELECT has_database_privilege('user01', 'db01', 'connect'); |
| Дата | |
| Msg-id | CAKFQuwY8sg4NOtzwmTKw2oq-8ths3knGvdJGzXffgrSD2Y4r6w@mail.gmail.com обсуждение исходный текст |
| Ответ на | SELECT has_database_privilege('user01', 'db01', 'connect'); ("William Sescu (Suva)" <william.sescu@suva.ch>) |
| Список | pgsql-admin |
On Thursday, April 28, 2022, William Sescu (Suva) <william.sescu@suva.ch> wrote:
Hello %
I am kinda confused, if I miss something. I have two questions:
* A new created user should not have the connect privilege per default, if the user is not the owner of the db, right?
* The function has_database_privilege should return false, if I revoke the connect privilege, right?
(postgres@[local]:55042)[postgres]> CREATE USER user01 ENCRYPTED PASSWORD 'user01';
CREATE ROLE
(postgres@[local]:55042)[postgres]> CREATE DATABASE db01 WITH OWNER = postgres;
CREATE DATABASE
(postgres@[local]:55042)[postgres]> SELECT has_database_privilege(' user01', 'db01', 'connect');
has_database_privilege
------------------------
t <= have expected false here
(1 row)
Not how it works, see default privileges, namely for “public”.
(postgres@[local]:55042)[postgres]> REVOKE CONNECT ON DATABASE db01 FROM user01;
REVOKE
(postgres@[local]:55042)[postgres]> SELECT has_database_privilege(' user01', 'db01', 'connect');
has_database_privilege
------------------------
t <= have expected false here even more after the revoke statement
(1 row)
Or do I have some misunderstanding in regards of how it should work?
The privilege being found is inherited, you revoked a non-existent grant which doesn’t do anything. You need to revoke the privilege being inherited, from “public”.
David J.
В списке pgsql-admin по дате отправления: