BUG #16603: Permission issue

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

BUG #16603: Permission issue

PG Doc comments form
The following bug has been logged on the website:

Bug reference:      16603
Logged by:          PostgreSQL create database with full privileges granted to one specific
user.
Email address:      [hidden email]
PostgreSQL version: 12.4
Operating system:   Linux and Windows
Description:        

The following MySQL query: GRANT ALL PRIVILEGES ON database_name.* TO
'username'@'localhost'; allows one to assign one database to a given user.
That includes ALL permissions even database creation.
Currently this behavior is impossible in PostgreSQL: One can create a
database and GRANT ALL PRIVILEGES however this won't grant the CREATEDB
permission on that database. The bug/issue here is that CREATEDB cannot be
assigned to a specific database/user combination.

Currently this bug prevents development of some applications. As such in one
of my application I was forced to drop support for PostgreSQL and return to
MySQL.

Reply | Threaded
Open this post in threaded view
|

Re: BUG #16603: Permission issue

Stephen Frost
Greetings,

* PG Bug reporting form ([hidden email]) wrote:
> The following MySQL query: GRANT ALL PRIVILEGES ON database_name.* TO
> 'username'@'localhost'; allows one to assign one database to a given user.
> That includes ALL permissions even database creation.

> Currently this behavior is impossible in PostgreSQL: One can create a
> database and GRANT ALL PRIVILEGES however this won't grant the CREATEDB
> permission on that database. The bug/issue here is that CREATEDB cannot be
> assigned to a specific database/user combination.

No, it's not currently possible to GRANT access to objects that don't
exist in PG.  This isn't a bug, as for if it's a possible future
feature, maybe (there's a current patch that I'm working on to GRANT
things like 'read only' or 'write only' access to all tables/views/etc),
but I don't expect to ever support the ability for GRANT to explicitly
name an object that doesn't exist yet (seems like it'd be rather
concerning too, because what if someone *else* created that database?
Suddenly this user has access to it?  No, thanks).

> Currently this bug prevents development of some applications. As such in one
> of my application I was forced to drop support for PostgreSQL and return to
> MySQL.

This hasn't ever worked in PG, so it seems a little curious that it's
the cause for PG support to be dropped.  Still, it's definitely not a
bug and certainly wouldn't be added to existing releases.  If you're
interested in following the development of PG, I'd suggest you take a
look at the -hackers mailing list.

Thanks,

Stephen

signature.asc (836 bytes) Download Attachment