Re: [BUGS] BUG #1497: Default permissions allow any user to create objects

Bruce Momjian
 

Re: [BUGS] BUG #1497: Default permissions allow any user to create objects - 02-23-2005, 11:14 PM






Barry Brown wrote:
Quote:
The following bug has been logged online:

Bug reference: 1497
Logged by: Barry Brown
Email address: barry (AT) cs (DOT) sierracollege.edu
PostgreSQL version: 8.0.1
Operating system: RHEL 3.0
Description: Default permissions allow any user to create objects in
any database
Details:

The docs say that initially only the owner of a database may use the objects
created in it. But I have found that ANY user can work with any object by
default, even in the template1 database.
Uh, where did you see that in the docs?

--
Bruce Momjian | http://candle.pha.pa.us
pgman (AT) candle (DOT) pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073



Bruce Momjian
 

Re: [BUGS] BUG #1497: Default permissions allow any user to create objects - 02-24-2005, 08:36 PM






Barry Brown wrote:
Quote:
The docs say that initially only the owner of a database may use the objects
created in it. But I have found that ANY user can work with any object by
default, even in the template1 database.

Uh, where did you see that in the docs?

First paragraph of section 17.4 (Privileges):

"When a database object is created, it is assigned an owner. .... By
default, only an owner (or a superuser) can do anything with the
object. In order to allow other users to use it, privileges must be
granted."

To me, that paragraph says that only the owner of a database can do
anything with it and all other privileges must be explicitly granted to
others.

Yea, that is confusing. When they say "database object", they don't mean
database, but an object created in the database, like a table or view.

I modified the text to not mention "database":

When an object is created, it is assigned an owner. The

--
Bruce Momjian | http://candle.pha.pa.us
pgman (AT) candle (DOT) pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
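
The distinction drawn in this thread, as an added example that is not part of the original posts: ownership protects an individual object, while the ability to create objects comes from a schema-level grant to PUBLIC. The role names `app_owner` and `other_user` and the table `payroll` are hypothetical, and the script assumes a superuser session in a scratch database whose `public` schema still carries its default grants (the default before PostgreSQL 15).

```sql
-- Added example: all role and table names below are hypothetical.
-- Assumes a superuser session in a scratch database whose "public" schema
-- still has its default grants (the default before PostgreSQL 15).
CREATE USER app_owner;
CREATE USER other_user;

-- 1. Object ownership (what section 17.4 describes): a new table belongs
--    to its creator, and other roles hold no privileges on it until granted.
SET SESSION AUTHORIZATION app_owner;
CREATE TABLE public.payroll (id integer, salary numeric);
RESET SESSION AUTHORIZATION;
SELECT has_table_privilege('other_user', 'public.payroll', 'SELECT')
       AS other_user_can_read_payroll;

-- 2. What the bug report observed: the right to create objects is a
--    schema-level privilege, and it is granted to PUBLIC on schema "public".
SELECT nspname, nspacl FROM pg_namespace WHERE nspname = 'public';
SELECT has_schema_privilege('other_user', 'public', 'CREATE')
       AS other_user_can_create;

-- 3. Restrict object creation to named roles, then re-run the check.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT CREATE ON SCHEMA public TO app_owner;
SELECT has_schema_privilege('other_user', 'public', 'CREATE')
       AS other_user_can_create_after_revoke;

-- Clean up the demo objects and roles.
DROP TABLE public.payroll;
REVOKE CREATE ON SCHEMA public FROM app_owner;
DROP USER app_owner;
DROP USER other_user;
```

Applying the `REVOKE` in `template1` makes databases created from it afterwards start with the restricted schema.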
