Re: [HACKERS] Add TOAST to system tables with ACL?
| От | Alexander Korotkov |
|---|---|
| Тема | Re: [HACKERS] Add TOAST to system tables with ACL? |
| Дата | |
| Msg-id | CAPpHfdtxTS4Zs1G+YZ-ZP69rgBi8n1FmeFfHaMc=LONq0NU7bQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Add TOAST to system tables with ACL? (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Tue, Oct 3, 2017 at 9:19 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
For pg_database, you'd have to make sure that the startup-time check of
database CONNECT privilege still works if the ACL's been pushed out of
line.
I've tried this case.
At first, make database temp with no connect privilege from public and 10000 users.
create database temp;
revoke connect on database temp from public;
\copy (select 'create user u' || i || ';' from generate_series(1,10000) i) to 'script.sql'
\i script.sql
I've checked that user u10000 can't login to database temp.
$ psql temp -U u10000
psql: FATAL: permission denied for database "temp"
DETAIL: User does not have CONNECT privilege.
Than I grant connect privilege to all that 10000 users.
\copy (select 'grant connect on database temp to u' || i || ';' from generate_series(1,10000) i) to 'script.sql'
\i script.sql
Then user u10000 can login successfully.
$ psql temp -U u10000
psql (11devel)
Type "help" for help.
u10000@temp=#
Thus, in this simple case database CONNECT privilege works with out-of-line ACL for me.
------
В списке pgsql-hackers по дате отправления: