Fw: DB and Table Permissions

Started by Dan Wilsonabout 25 years ago2 messages

phpPgAdmin@acucore.com

about 25 years ago

I sent this to the general list and got no response so I figure I can take
it to the people who actually make the decisions.

Is this a security bug or is it by design?

----- Original Message -----
From: "Dan Wilson" <phpPgAdmin@acucore.com>
To: "pgsql general" <pgsql-general@postgresql.org>
Sent: Sunday, November 19, 2000 9:33 AM
Subject: DB and Table Permissions

Show quoted text

Is there a reason why _any_ user can create a table on a database? Even if
they do not own or have any permissions to it?

I don't think that should happen. Is there a specific reason why it does?

-Dan Wilson

Dan Wilson

phpPgAdmin@acucore.com

about 25 years ago

In reply to: Dan Wilson (#1)

Re: Fw: DB and Table Permissions

----- Original Message -----
From: "Dan Wilson" <phpPgAdmin@acucore.com>
To: "pgsql general" <pgsql-general@postgresql.org>
Sent: Sunday, November 19, 2000 9:33 AM
Subject: DB and Table Permissions

Is there a reason why _any_ user can create a table on a database?

Even if

they do not own or have any permissions to it?

I don't think that should happen. Is there a specific reason why it

does?

Well, you should be able to do "GRANT ..." statements against the pg_...
tables to control this if you want to.

Cheers,
Andrew.

Using GRANT and REVOKE statements doesn't help because the permissions are
attached to the table, not the database. So any user can create a new table
within a database even if they are not the owner. I think this needs to be
corrected somehow.
-Dan