| Lists: | pgsql-bugs |
|---|
| From: | "Richard Rowell" <richard(dot)rowell(at)gmail(dot)com> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #3540: "REVOKE CREATE ON SCHEMA" public doesn't work |
| Date: | 2007-08-15 16:29:39 |
| Message-ID: | 200708151629.l7FGTdps040132@wwwmaster.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-bugs |
The following bug has been logged online:
Bug reference: 3540
Logged by: Richard Rowell
Email address: richard(dot)rowell(at)gmail(dot)com
PostgreSQL version: 8.2
Operating system: Linux
Description: "REVOKE CREATE ON SCHEMA" public doesn't work
Details:
richard(at)meowth:~/download$ createdb perm_test
CREATE DATABASE
richard(at)meowth:~/download$ psql -U postgres perm_test
Welcome to psql 8.2.4, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
perm_test=> create schema foo;
CREATE SCHEMA
perm_test=# create role bar login;
CREATE ROLE
perm_test=> revoke create on schema foo from bar;
REVOKE
perm_test=# revoke create on schema public from bar;
REVOKE
perm_test=# \q
richard(at)meowth:~/download$ psql -U bar perm_test
Welcome to psql 8.2.4, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
perm_test=> create table foo.test (uid integer);
ERROR: permission denied for schema foo
perm_test=> create table test (uid integer);
CREATE TABLE
| From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
|---|---|
| To: | Richard Rowell <richard(dot)rowell(at)gmail(dot)com> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #3540: "REVOKE CREATE ON SCHEMA" public doesn't work |
| Date: | 2007-08-15 17:19:17 |
| Message-ID: | 20070815171917.GE25596@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-bugs |
Richard Rowell escribió:
> perm_test=> revoke create on schema foo from bar;
>
> REVOKE
>
> perm_test=# revoke create on schema public from bar;
>
> REVOKE
You have to revoke from PUBLIC too, otherwise the user still has access
via that one.
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
| From: | "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> |
|---|---|
| To: | "Richard Rowell" <richard(dot)rowell(at)gmail(dot)com>, <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #3540: "REVOKE CREATE ON SCHEMA" public doesn't work |
| Date: | 2007-08-15 17:44:04 |
| Message-ID: | 46C2F513.EE98.0025.0@wicourts.gov |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-bugs |
>>> On Wed, Aug 15, 2007 at 11:29 AM, in message
<200708151629(dot)l7FGTdps040132(at)wwwmaster(dot)postgresql(dot)org>, "Richard Rowell"
<richard(dot)rowell(at)gmail(dot)com> wrote:
> perm_test=# revoke create on schema public from bar;
>
> REVOKE
>
> perm_test=> create table test (uid integer);
> CREATE TABLE
I think the problem is that bar is automatically a member of public.
revoke create on schema public from public;
should help.
-Kevin