Re: bug in permission handling?

Martin Renters <martin@datafax.com>

From: Martin Renters <martin@datafax.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Martin Renters <martin@datafax.com>, pgsql-hackers@postgresql.org
Date: 2002-01-14T16:12:48Z
Lists: pgsql-hackers
On Mon, Jan 14, 2002 at 10:29:01AM -0500, Tom Lane wrote:
> Martin Renters <martin@datafax.com> writes:
> > Should the permissions of a deleted user get assigned to a new user
> > as in the example below?
> 
> That can happen, since the default "usesysid" assignment is "max
> existing usesysid + 1".  If you delete the last user then their sysid
> becomes a candidate for reassignment.  This is not real good, but fixing
> it isn't that high on the priority list (and is difficult to do unless
> we take away the option of hand-assigned sysids ... otherwise we could
> just have a sequence generator for sysids).

Isn't it possible for PostgreSQL to delete permissions on tables when a
user gets deleted?  It seems to be a bit of a security issue when a new
user suddenly inherits permissions he shouldn't have.

Martin