Re: DROP OWNED BY fails to clean out pg_init_privs grants
От | Hannu Krosing |
---|---|
Тема | Re: DROP OWNED BY fails to clean out pg_init_privs grants |
Дата | |
Msg-id | CAMT0RQRVKFkmL6r4WmZ6sewTnY6_bE7HyOh0Qd8wRwDz-OBbeA@mail.gmail.com обсуждение исходный текст |
Ответ на | Re: DROP OWNED BY fails to clean out pg_init_privs grants (Hannu Krosing <hannuk@google.com>) |
Ответы |
Re: DROP OWNED BY fails to clean out pg_init_privs grants
|
Список | pgsql-hackers |
Attached is a minimal patch to allow missing roles in REVOKE command This should fix the pg_upgrade issue and also a case where somebody has dropped a role you are trying to revoke privileges from : smalltest=# create table revoketest(); CREATE TABLE smalltest=# revoke select on revoketest from bob; WARNING: ignoring REVOKE FROM a missing role "bob" REVOKE smalltest=# create user bob; CREATE ROLE smalltest=# grant select on revoketest to bob; GRANT smalltest=# \du List of roles Role name | Attributes -----------+------------------------------------------------------------ bob | hannuk | Superuser, Create role, Create DB, Replication, Bypass RLS smalltest=# \dp Access privileges Schema | Name | Type | Access privileges | Column privileges | Policies --------+------------+-------+------------------------+-------------------+---------- public | revoketest | table | hannuk=arwdDxtm/hannuk+| | | | | bob=r/hannuk | | public | vacwatch | table | | | (2 rows) smalltest=# revoke select on revoketest from bob, joe; WARNING: ignoring REVOKE FROM a missing role "joe" REVOKE smalltest=# \dp Access privileges Schema | Name | Type | Access privileges | Column privileges | Policies --------+------------+-------+------------------------+-------------------+---------- public | revoketest | table | hannuk=arwdDxtm/hannuk | | public | vacwatch | table | | | (2 rows) On Sun, May 26, 2024 at 12:05 AM Hannu Krosing <hannuk@google.com> wrote: > > On Sat, May 25, 2024 at 4:48 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > > > > Hannu Krosing <hannuk@google.com> writes: > > > Having an pg_init_privs entry referencing a non-existing user is > > > certainly of no practical use. > > > > Sure, that's not up for debate. What I think we're discussing > > right now is > > > > 1. What other cases are badly handled by the pg_init_privs > > mechanisms. > > > > 2. How much of that is practical to fix in v17, seeing that > > it's all long-standing bugs and we're already past beta1. > > > > I kind of doubt that the answer to #2 is "all of it". > > But perhaps we can do better than "none of it". > > Putting the fix either in pg_dump or making REVOKE tolerate > non-existing users would definitely be most practical / useful fixes, > as these would actually allow pg_upgrade to v17 to work without > changing anything in older versions. > > Currently one already can revoke a privilege that is not there in the > first place, with the end state being that the privilege (still) does > not exist. > This does not even generate a warning. > > Extending this to revoking from users that do not exist does not seem > any different on conceptual level, though I understand that > implementation would be very different as it needs catching the user > lookup error from a very different part of the code. > > That said, it would be better if we can have something that would be > easy to backport something that would make pg_upgrade work for all > supported versions. > Making REVOKE silently ignore revoking from non-existing users would > improve general robustness but could conceivably change behaviour if > somebody relies on it in their workflows. > > Regards, > Hannu
Вложения
В списке pgsql-hackers по дате отправления:
Предыдущее
От: Jelte Fennema-NioДата:
Сообщение: Re: DISCARD ALL does not force re-planning of plpgsql functions/procedures