Search Postgresql Archives

Re: Remove default privilege from DB

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Stephen Frost <sfrost@xxxxxxxxxxx> writes:
> * David G. Johnston (david.g.johnston@xxxxxxxxx) wrote:
>> ​Not sure if this is what you mean but there is no concept of "negative
>> state" in the permissions system.  Everything starts out with no
>> permissions.  Grant adds permissions and revoke un-adds granted
>> permissions.​  Revoking something that doesn't exist is either a no-op or a
>> warning depending on the context - either way its doesn't setup a
>> "forbidden" state for the permission.

> This isn't entirely correct.  Functions are the classic example where
> EXECUTE to PUBLIC is part of the default and the "negative" state of
> having a function where EXECUTE is REVOKE'd from PUBLIC is entirely
> reasonable and even common.

FWIW, I thought David's description was fine.  The fact that the initial
state of an object typically includes some positive grants doesn't change
the fact that there's no such thing as a negative grant.  In particular,
if there is a GRANT TO PUBLIC, no amount of revoking that privilege from
individual users will have any effect, because the public grant is still
there.

			regards, tom lane





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux