new warning message

Started by Jeff Davisabout 18 years ago3 messageshackers

pgsql@j-davis.com

about 18 years ago

On IRC today someone brought up a problem in which users were still able
to connect to a database after a "REVOKE CONNECT ... FROM theuser". The
reason theuser is still able to connect is because PUBLIC still has
privileges to connect by default (AndrewSN was the one who answered
this).

Would it be reasonable to throw a warning if you revoke a privilege from
some role, and that role inherits the privilege from some other role (or
PUBLIC)?

Regards,
Jeff Davis

Tom Lane

tgl@sss.pgh.pa.us

about 18 years ago

In reply to: Jeff Davis (#1)

Re: new warning message

Jeff Davis <pgsql@j-davis.com> writes:

Would it be reasonable to throw a warning if you revoke a privilege from
some role, and that role inherits the privilege from some other role (or
PUBLIC)?

This has been suggested and rejected before --- the consensus is it'd
be too noisy.

Possibly the REVOKE manual page could be modified to throw more stress
on the point.

regards, tom lane

Bruce Momjian

bruce@momjian.us

about 18 years ago

In reply to: Tom Lane (#2)

Re: [HACKERS] new warning message

Tom Lane wrote:

Jeff Davis <pgsql@j-davis.com> writes:

Would it be reasonable to throw a warning if you revoke a privilege from
some role, and that role inherits the privilege from some other role (or
PUBLIC)?

This has been suggested and rejected before --- the consensus is it'd
be too noisy.

Possibly the REVOKE manual page could be modified to throw more stress
on the point.

Agreed, patch attached and applied.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

new warning message

Attachments: