Tom Lane wrote:
Bryan White <bryan@xxxxxxxxxxx> writes:
ec=# \z bulkuploadcfg
Access privileges for database "ec"
Schema | Table | Access privileges
--------+---------------+------------------------------------------------------------------
public | bulkuploadcfg |
{pconner=a*r*w*d*R*x*t*/pconner,=arwdRxt/pconner,=arwdRxt/bryan}
(1 row)
Hm, this is 7.4.what exactly? The above should be an illegal state
(assuming pconner is the table owner) because there is no grant option
to bryan allowing him to grant anything to public.
ec=# select version();
version
---------------------------------------------------------------------------------------------------------
PostgreSQL 7.4.3 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.3.2
20031022 (Red Hat Linux 3.3.2-1)
(1 row)
There was an old bug that would allow you to get into this state if
bryan was a superuser (the system would allow him to grant privileges
anyway), but according to the CVS logs we fixed that in 7.4RC1. This
table wouldn't happen to be a holdover from a 7.4 beta version would it?
bryan is a super user.
Another possibility is that you did an ALTER TABLE OWNER after assigning
some initial permissions. 7.4 had that command but it didn't do
anything about changing the ACL list to match. I think you could have
gotten to the above state if pconner were the original table owner and
had done GRANT ALL TO PUBLIC, and then you altered table ownership to
bryan and he also did GRANT ALL TO PUBLIC.
That would match the history. A while ago I changed the owner of all
tables to 'bryan'. I just noticed the permission strangeness today. I
had some problems trying to load a dump of this database onto a system
running 8.0.7 with no pconner user defined. I decided it was time to
clean this stuff up and to do that I had to go back to the source.
Best solution might be to forcibly set the table's pg_class.relacl field
to null (resetting all the permissions to default) and then grant what
you want.
That seems to fix it. Thanks!!!
--
Bryan