Re: [HACKERS] Omission in GRANT documentation

2017-10-12 Thread Laurenz Albe
Tom Lane wrote:
>> But types also have the USAGE privilege for PUBLIC by default:
> 
> Yup, that's an oversight.
> 
>> Hence I propose the attached documentation patch.
> 
> Pushed, with a bit of additional wordsmithing.

Thanks for taking the time.

Yours,
Laurenz Albe



-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers


Re: [HACKERS] Omission in GRANT documentation

2017-10-11 Thread Tom Lane
Laurenz Albe writes:
> grant.sgml says that
>    the default privileges granted to PUBLIC are as follows: CONNECT and
>    CREATE TEMP TABLE for databases; EXECUTE privilege for functions;
>    and USAGE privilege for languages.

> But types also have the USAGE privilege for PUBLIC by default:

Yup, that's an oversight.

> Hence I propose the attached documentation patch.

Pushed, with a bit of additional wordsmithing.

regards, tom lane




[HACKERS] Omission in GRANT documentation

2017-10-10 Thread Laurenz Albe
grant.sgml says that

   the default privileges granted to PUBLIC are as follows: CONNECT and
   CREATE TEMP TABLE for databases; EXECUTE privilege for functions;
   and USAGE privilege for languages.

But types also have the USAGE privilege for PUBLIC by default:

test=> CREATE TYPE bug_status AS ENUM ('new', 'open', 'closed');
CREATE TYPE
test=> GRANT USAGE ON TYPE bug_status TO duff;
GRANT
test=> REVOKE USAGE ON TYPE bug_status FROM duff;
REVOKE
test=> \dT+ bug_status
                      List of data types
 Schema |    Name    | ... |  Owner  | Access privileges | ...
--------+------------+-----+---------+-------------------+-----
 public | bug_status |     | laurenz | =U/laurenz       +|
        |            |     |         | laurenz=U/laurenz |
(1 row)

Hence I propose the attached documentation patch.

Yours,
Laurenz Albe

From e1213e1e91cd0c45fcca8df492f1017f2eacc4bc Mon Sep 17 00:00:00 2001
From: Laurenz Albe 
Date: Tue, 10 Oct 2017 09:21:36 +0200
Subject: [PATCH] Fix documentation of default privileges for types

Document that PUBLIC has USAGE privileges on newly created types.
---
 doc/src/sgml/ref/grant.sgml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml
index c63252c..8936963 100644
--- a/doc/src/sgml/ref/grant.sgml
+++ b/doc/src/sgml/ref/grant.sgml
@@ -161,7 +161,7 @@ GRANT role_name [, ...] TO PUBLIC are as follows:
CONNECT and CREATE TEMP TABLE for
databases; EXECUTE privilege for functions; and
-   USAGE privilege for languages.
+   USAGE privilege for languages and types.
The object owner can, of course, REVOKE
both default and  expressly granted privileges. (For maximum
security, issue the REVOKE in the same transaction that
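Review bot: On the added line, "languages and types" leaves it unclear whether domains are covered. GRANT has a separate ON DOMAIN form next to ON TYPE, so a reader cannot tell from "types" alone which objects get the PUBLIC default. If the default applies to domains as well, say so explicitly, for example "USAGE privilege for languages and data types (including domains)".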
-- 
2.9.5
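
An added example, not part of the original thread or of the PostgreSQL patch: one way to remove and audit the default PUBLIC USAGE grant on types that the session above demonstrates. The type name bug_status is taken from that session; the audit query's filters are assumptions about which pg_type rows count as user-defined types.

```sql
-- Added example; bug_status comes from the session above, the rest is constructed.

-- 1. Create the type and drop the implicit PUBLIC grant in one transaction,
--    so no other session ever sees the type with USAGE available to PUBLIC.
BEGIN;
CREATE TYPE bug_status AS ENUM ('new', 'open', 'closed');
REVOKE USAGE ON TYPE bug_status FROM PUBLIC;
COMMIT;

-- 2. Ask about the PUBLIC pseudo-role directly. \dT+ shows an empty
--    "Access privileges" column while the ACL is still the built-in default,
--    which is why the session above had to GRANT and REVOKE first.
SELECT has_type_privilege('public', 'bug_status', 'USAGE') AS public_has_usage;

-- 3. Keep future types created by the current role from getting the grant.
--    This must be the global form: a per-schema (IN SCHEMA) setting can only
--    add privileges, it cannot take away the built-in PUBLIC default.
ALTER DEFAULT PRIVILEGES REVOKE USAGE ON TYPES FROM PUBLIC;

-- 4. Audit existing types. A NULL typacl means "built-in default", so it is
--    expanded with acldefault('T', owner); grantee 0 is PUBLIC.
SELECT n.nspname                   AS type_schema,
       t.typname                   AS type_name,
       pg_get_userbyid(t.typowner) AS owner,
       t.typacl IS NULL            AS still_default
FROM pg_type t
JOIN pg_namespace n ON n.oid = t.typnamespace
CROSS JOIN LATERAL
     aclexplode(coalesce(t.typacl, acldefault('T', t.typowner))) AS a
WHERE a.grantee = 0
  AND a.privilege_type = 'USAGE'
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND t.typcategory <> 'A'        -- skip automatically created array types
  AND (t.typrelid = 0             -- skip row types that belong to tables/views
       OR EXISTS (SELECT 1 FROM pg_class c
                  WHERE c.oid = t.typrelid AND c.relkind = 'c'))
ORDER BY 1, 2;
```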

