Thread: tables permissions once again

tables permissions once again

From

Partyka Robert

Date:

03 November 2000, 17:35:22

Hi

Yeach ... I can revoke from public now ;), but .....
look at this:
#create database a
CREATE

#\c a
#create table ala(a int4);
CREATE

#\z
Access permissions for database "a"Relation | Access permissions
----------+--------------------ala      |
(1 row)

#revoke all on ala from public;
CHANGE
#\z
Access permissions for database "a"Relation |  Access permissions
----------+-----------------------ala      | {"=","postgres=arwR"}
(1 row)

hmmm.... is everything work ok ?

regards
Robert 'BoBsoN' Partyka

Re: tables permissions once again

From

Tom Lane

Date:

03 November 2000, 17:56:34

Partyka Robert <bobson@saturn.alpha.pl> writes:
> #create table ala(a int4);
> CREATE

> #\z
> Access permissions for database "a"
>  Relation | Access permissions
> ----------+--------------------
>  ala      |
> (1 row)

> #revoke all on ala from public;
> CHANGE
> #\z
> Access permissions for database "a"
>  Relation |  Access permissions
> ----------+-----------------------
>  ala      | {"=","postgres=arwR"}
> (1 row)

> hmmm.... is everything work ok ?

Yup, that's the expected behavior.  Initially the relacl entry for a new
table is NULL, which the system will interpret as default access rights
(namely, world=no rights, owner=all rights).  As soon as you issue a
GRANT or REVOKE, a real ACL gets installed --- which will consist of the
default access rights made explicit and then modified per your GRANT or
REVOKE.  At that point you see something in \z, whereas psql doesn't
show anything in \z for a NULL acl entry.

AFAIK it's always worked like that...
        regards, tom lane