Participants
Tom Lane
Tom Lane
PostgreSQL Bugs List
PostgreSQL Bugs List
Thomas Lockhart
Thomas Lockhart
Attachments
Show all attachments
Thread Outline
#1PostgreSQL Bugs ListPostgreSQL Bugs List
Aug 26, 2002
#2Tom LaneTom Laneto PostgreSQL Bugs List (#1)
Aug 26, 2002
#3...#4
Thomas LockhartTom Lane
to PostgreSQL Bugs List (#1)
Aug 27, 2002
#3Thomas LockhartThomas Lockhartto PostgreSQL Bugs List (#1)
Aug 27, 2002
#4Tom LaneTom Laneto Thomas Lockhart (#3)
Aug 27, 2002

Bug #746: Drop user damages security on tables

Started by PostgreSQL Bugs Listover 23 years ago4 messagesbugs
Jump to latest
#1PostgreSQL Bugs List
PostgreSQL Bugs List
pgsql-bugs@postgresql.org

Mickey Parker (parkerm@hst.stoneridge.com) reports a bug with a severity of 1
The lower the number the more severe it is.

Short Description
Drop user damages security on tables

Long Description
A user was setup and had GRANT permissions on individual tables in a database. After the user was dropped, using the /z from psql command line showed the user ID still existing in the individual table permissions. After the drop, several other users then were unable to execute SELECT or INSERT on this table. These users would get a -601 error when trying to do a SELECT or INSERT. Also, trying to REVOKE permissions on the user ID that belonged to the dropped user resulted in a parse error.

Sample Code

No file was uploaded with this report

#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: PostgreSQL Bugs List (#1)
Re: Bug #746: Drop user damages security on tables

pgsql-bugs@postgresql.org writes:

A user was setup and had GRANT permissions on individual tables in a database. After the user was dropped, using the /z from psql command line showed the user ID still existing in the individual table permissions. After the drop, several other users then were unable to execute SELECT or INSERT on this table. These users would get a -601 error when trying to do a SELECT or INSERT. Also, trying to REVOKE permissions on the user ID that belonged to the dropped user resulted in a parse error.

What is a "-601 error"? There's surely no such message in Postgres.

Also, "a parse error" is quite an unhelpful report. Show us the exact
command you tried to issue.

It's true that DROP USER doesn't do anything about removing ACL entries
that reference that user, but there are no known problems resulting
from that, so I'm suspicious that your report is entirely user error.
Without seeing a reproducible test case it's difficult to do anything
anyway.

regards, tom lane

#3Thomas Lockhart
Thomas Lockhart
lockhart@fourpalms.org
In reply to: PostgreSQL Bugs List (#1)
Re: Bug #746: Drop user damages security on tables

A user was setup and had GRANT permissions on individual tables in a database. After the user was dropped, using the /z from psql command line showed the user ID still existing in the individual table permissions. After the drop, several other users then were unable to execute SELECT or INSERT on this table. These users would get a -601 error when trying to do a SELECT or INSERT. Also, trying to REVOKE permissions on the user ID that belonged to the dropped user resulted in a parse error.

What is a "-601 error"? There's surely no such message in Postgres.

There surely is in ecpg:

ecpgerrno.h:#define ECPG_WARNING_QUERY_IGNORED -601

These error codes are typically chosen to conform to SQL9x or to
Oracle's conventions, though I haven't looked into this one in a
while...

- Thomas

#4Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Thomas Lockhart (#3)
Re: Bug #746: Drop user damages security on tables

Thomas Lockhart <lockhart@fourpalms.org> writes:

What is a "-601 error"? There's surely no such message in Postgres.

There surely is in ecpg:
ecpgerrno.h:#define ECPG_WARNING_QUERY_IGNORED -601

Hmm ... maybe, but a query-ignored failure could only happen in the
case of multiple commands wrapped in a transaction block. Which still
leaves us needing more context than the complaint offered ...

regards, tom lane

← Back to Topics