pgadmin at pse-consulting
Apr 4, 2012, 12:55 AM
Post #1 of 1
(128 views)
Permalink
|
|
wrong privileges on collection with multiple groups
|
|
When a user has different privileges on a collection due to membership
in several groups, the sql function path_privs might not get the correct
resulting privileges. This happens because the query
SELECT privileges
INTO out_conferred
FROM grants
WHERE by_collection = grantor_collection
AND (to_principal=in_accessor OR to_principal
IN (SELECT expand_memberships(in_accessor,in_depth)));
can deliver more than one row in this case, and it's quite arbitrary
whether the highest privilege is first or not. The correct solution is
probably to or-aggregate all bits to obtain all privileges over all
groups the user is member in:
SELECT bit_or(privileges)
INTO out_conferred
FROM grants
WHERE by_collection = grantor_collection
AND (to_principal=in_accessor OR to_principal
IN (SELECT expand_memberships(in_accessor,in_depth)));
Please cc me because I'm off-list.
Regards,
Andreas
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Davical-general mailing list
Davical-general [at] lists
https://lists.sourceforge.net/lists/listinfo/davical-general
|
