Participants
Peter Eisentraut
Peter Eisentraut
Tom Lane
Tom Lane
Attachments

No attachments in this thread

Thread Outline
#1Peter EisentrautPeter Eisentraut
Aug 23, 2007
#2Tom LaneTom Laneto Peter Eisentraut (#1)
Aug 23, 2007

Owner's grant options not visible

Started by Peter Eisentrautover 18 years ago2 messages
#1Peter Eisentraut
Peter Eisentraut
peter_e@gmx.net

Between 7.4 and 8.0, the owner's grant options were removed from the
aclitem display. This was as a side effect of the fixes of bug #1150,
but I can't readily tell anymore for what specific reason this
happened.

The information schema shows obviously inaccurate data now, and it might
be easy to fix, unless there was some overriding concern that someone
might recall.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Peter Eisentraut (#1)
Re: Owner's grant options not visible

Peter Eisentraut <peter_e@gmx.net> writes:

Between 7.4 and 8.0, the owner's grant options were removed from the
aclitem display.

Yeah, that was intentional, because the way we were doing it was wrong
and caused behavioral bugs. The owner's grant options have to be
treated as being granted to him by "the system", ie some external force.
IIRC the spec suggests actually having a reserved role _SYSTEM and
treating the owner's options as being granted to him by _SYSTEM,
but IMHO that just leads to circularity: where did _SYSTEM get the
rights from? The way we do it now is just to make aclcheck() and
friends assume that the owner always has grant options, regardless of
whether they're explicitly mentioned in an ACL list.

The information schema shows obviously inaccurate data now,

The correct fix is probably to insert an equivalent assumption into the
information_schema code. Not sure of the cleanest way to do that.

regards, tom lane

← Back to Topics