On Fri, May 13, 2005 at 03:43:54PM -0500, Harris, Richard wrote: Hi, > I'm using PostgreSQL 8.0. I created a group called grpA and granted grpA > 'SELECT' permission on view viewA. When I dropped grpA and created group > grpB, group grpB 'automatically' has SELECT permission to viewA. After > dropping a group with permission to a view, I see that the permission > stored in the relacl field fo pg_class is changed from the group name to > the sysid of the dropped group. When a new group is created, it gets a > sysid that is one greater than the largest of the sysid (e.g., the sysid > of the last group dropped). Thus the new group may 'inherit' the > permissions of a dropped group. > > I have not found this behavior documented any where. Is this behavior > intended? What do I need to do so that when I drop a group all the > permissions of the group are also 'dropped' (i.e., cleared from the > relacl field)? This is a known limitation. You have to remove the group from all ACLs before dropping the group; OTOH you can specify a SYSID when creating a group. We are working on it, and hopefully in 8.1 you will be told where the user/group is referenced if you try to drop it. Automatically deleting the references from all ACLs has not been discussed but it's a possible outcome of the implementation. -- Alvaro Herrera (<alvherre[a]surnet.cl>) "And as an added bonus, now my computer goes to the toilet for me, leaving me free to spend time on more useful activities! yay slug codefests!" (C. Parker)
