Re: bug in permission handling?
Martin Renters <martin@datafax.com>
From: Martin Renters <martin@datafax.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Martin Renters <martin@datafax.com>, pgsql-hackers@postgresql.org
Date: 2002-01-14T16:12:48Z
Lists: pgsql-hackers
On Mon, Jan 14, 2002 at 10:29:01AM -0500, Tom Lane wrote: > Martin Renters <martin@datafax.com> writes: > > Should the permissions of a deleted user get assigned to a new user > > as in the example below? > > That can happen, since the default "usesysid" assignment is "max > existing usesysid + 1". If you delete the last user then their sysid > becomes a candidate for reassignment. This is not real good, but fixing > it isn't that high on the priority list (and is difficult to do unless > we take away the option of hand-assigned sysids ... otherwise we could > just have a sequence generator for sysids). Isn't it possible for PostgreSQL to delete permissions on tables when a user gets deleted? It seems to be a bit of a security issue when a new user suddenly inherits permissions he shouldn't have. Martin