Privs
Few minor things...
1. DROP OWNED BY does not drop databases owned by the role. Should it? I
would say not. This causes this strangeness
postgres=# drop owned by fred;
DROP OWNED
postgres=# drop user fred;
ERROR: role "fred" cannot be dropped because some objects depend on it
DETAIL: access to database fred
Now I can see the detail "access to database fred" but its not
completely clear that this means "fred still owns database fred".
2. REASSIGN OWNED BY cannot be executed by the role that is being
reassigned. It throws
ERROR: permission denied to reassign objects
It seems strange that you can GRANT a priv to another user, yet you
cannot REASSIGN ownership.
3. CREATE DATABASE syntax is OWNER = x. We might wish to deprecate that
(but not remove it) and add OWNED BY x to make the "OWNED BY" phrase
work in all places that need owners.
--
Simon Riggs www.2ndQuadrant.com
Simon Riggs <simon@2ndQuadrant.com> writes:
1. DROP OWNED BY does not drop databases owned by the role. Should it? I
would say not. This causes this strangeness
postgres=# drop owned by fred;
DROP OWNED
postgres=# drop user fred;
ERROR: role "fred" cannot be dropped because some objects depend on it
DETAIL: access to database fred
Works as expected for me:
regression=# create user fred;
CREATE ROLE
regression=# create database dd owner = fred;
CREATE DATABASE
regression=# drop owned by fred;
DROP OWNED
regression=# drop user fred;
ERROR: role "fred" cannot be dropped because some objects depend on it
DETAIL: owner of database dd
regression=#
2. REASSIGN OWNED BY cannot be executed by the role that is being
reassigned. It throws
ERROR: permission denied to reassign objects
It seems strange that you can GRANT a priv to another user, yet you
cannot REASSIGN ownership.
Why do yo think that is strange? Giving away ownership is traditionally
forbidden in most privilege systems. If you don't see why, think about
it from a cracker's perspective.
3. CREATE DATABASE syntax is OWNER = x. We might wish to deprecate that
(but not remove it) and add OWNED BY x to make the "OWNED BY" phrase
work in all places that need owners.
That just moves the inconsistency from one place to another, ie the
OWNER option of CREATE DATABASE would work differently from every
other option.
regards, tom lane
On Fri, 2010-04-02 at 10:46 -0400, Tom Lane wrote:
Simon Riggs <simon@2ndQuadrant.com> writes:
1. DROP OWNED BY does not drop databases owned by the role. Should it? I
would say not. This causes this strangenesspostgres=# drop owned by fred;
DROP OWNED
postgres=# drop user fred;
ERROR: role "fred" cannot be dropped because some objects depend on it
DETAIL: access to database fredWorks as expected for me:
regression=# create user fred;
CREATE ROLE
regression=# create database dd owner = fred;
CREATE DATABASE
regression=# drop owned by fred;
DROP OWNED
regression=# drop user fred;
ERROR: role "fred" cannot be dropped because some objects depend on it
DETAIL: owner of database dd
regression=#
Hmmm, I get that also: I can't repeat the error message I got before. Oh
well. I'll guess that the message was accurate after all.
2. REASSIGN OWNED BY cannot be executed by the role that is being
reassigned. It throws
ERROR: permission denied to reassign objectsIt seems strange that you can GRANT a priv to another user, yet you
cannot REASSIGN ownership.Why do yo think that is strange? Giving away ownership is traditionally
forbidden in most privilege systems. If you don't see why, think about
it from a cracker's perspective.
OK
I will add a few short words to both command docs to describe the
behaviour.
--
Simon Riggs www.2ndQuadrant.com