Users + Groups = Roles, duplicate name issue
| От | ljb |
|---|---|
| Тема | Users + Groups = Roles, duplicate name issue |
| Дата | |
| Msg-id | doabtl$q00$1@news.hub.org обсуждение исходный текст |
| Ответы |
Re: Users + Groups = Roles, duplicate name issue
|
| Список | pgsql-admin |
I loaded a 7.4.x dump into a new 8.1.1 database and found out what happens
if you had the same name as both a user and a group. You can get users with
more rights than they had before. I guess it is too late, but perhaps a
mention in the release text would have been a good idea. Advise people to
rename any group which has the same name as a user.
For example, if at 7.4.x I have:
Group: Is granted all rights to table:
test test_data
acct money_data
Username: Member of group: And therefore gets all rights to table:
ljb test test_data
test acct money_data
After loading the dump into 8.1.1, the test user and test group get merged
into a single role, so the test user gets granted all rights to the test_data
table. In addition, 'ljb' now effectively is a member of the 'acct' group
(via the test role), so is granted all rights to the money_data table.
В списке pgsql-admin по дате отправления: