sql: user with GRANT privilege can grant privileges they don't have #45211
Labels
A-security
A-sql-privileges
SQL privilege handling and permission checks.
C-question
A question rather than an issue. No code/spec/doc change needed.
Currently, if a user has the GRANT privilege on an object, they can grant any other privilege on that object, even if they don't have that privilege. @knz feels that users should only be allowed to grant privileges they already have.
Note that Postgres does not have the GRANT privilege. Instead, when a user is granted a privilege, they are then allowed to grant that privilege to other users if WITH GRANT OPTION was specified. We do not currently support this level of granularity.
Intuitively it makes sense to me that a user would not be able to grant privileges they don't have. I'm somewhat worried about breaking backward compatibility though.
@awoods187 would you like to weigh in on whether we should make this change, and if so whether we should prioritize it for 20.1?
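The three authorization rules compared in this issue, modelled as an added example that is not part of the original post and is not CockroachDB or PostgreSQL code. The privilege list, the function names and the sample ACL are assumptions constructed for illustration; the report lists users who can currently grant privileges they do not hold, which is also the set of grants that would start failing under the proposed rule.

```python
# Toy model of grant authorization on a single object (constructed example).
# Illustrative privilege list; an assumption, not taken from the issue.
ALL_PRIVS = frozenset(
    {"SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", "DROP", "GRANT"}
)


def grantable_current(held):
    """Behaviour described in the issue: holding GRANT allows granting anything."""
    return set(ALL_PRIVS) if "GRANT" in held else set()


def grantable_proposed(held):
    """Proposed rule: GRANT is still required, but only held privileges can be granted."""
    return set(held) if "GRANT" in held else set()


def grantable_postgres(grant_options):
    """PostgreSQL-style rule: a privilege is grantable only if received WITH GRANT OPTION.

    grant_options maps privilege name -> True when it was granted WITH GRANT OPTION.
    """
    return {priv for priv, with_option in grant_options.items() if with_option}


def escalation_report(acl):
    """Map each user to the privileges they can grant today without holding them."""
    report = {}
    for user, held in acl.items():
        extra = grantable_current(held) - set(held)
        if extra:
            report[user] = sorted(extra)
    return report


# Constructed ACL for one hypothetical table: user -> privileges held.
SAMPLE_ACL = {
    "alice": {"SELECT", "GRANT"},   # can read and grant
    "bob": {"SELECT", "INSERT"},    # no GRANT, so cannot grant anything
    "carol": set(ALL_PRIVS),        # holds everything, nothing to escalate
}

if __name__ == "__main__":
    for user, extra in escalation_report(SAMPLE_ACL).items():
        print(f"{user}: can grant without holding: {', '.join(extra)}")
```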