Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vJaTj-00C4bE-14 for pgsql-bugs@arkaria.postgresql.org; Thu, 13 Nov 2025 16:47:22 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vJaTg-002li1-28 for pgsql-bugs@arkaria.postgresql.org; Thu, 13 Nov 2025 16:47:20 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vJaTg-002lhs-11 for pgsql-bugs@lists.postgresql.org; Thu, 13 Nov 2025 16:47:20 +0000 Received: from mail-il1-x12e.google.com ([2607:f8b0:4864:20::12e]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1vJaTe-007Zc5-0U for pgsql-bugs@lists.postgresql.org; Thu, 13 Nov 2025 16:47:20 +0000 Received: by mail-il1-x12e.google.com with SMTP id e9e14a558f8ab-433100c59dcso4974565ab.0 for ; Thu, 13 Nov 2025 08:47:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763052436; x=1763657236; darn=lists.postgresql.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=Us5HoN/qdA3mKhPdaA7fSx8JzcXyocM/DvijtuwKJns=; b=CxBitqcPRhyDsXP7bcoGM8UJgeandhfMxLzQVlU6iFOVOqY3/znUcdAcBIJ/pGlEyM N+N38OQUjDY4ZeR6baAwFgfNr5xtN/0E1+xrd/sZ7Gs3qN76acAp5RHficErfsGxEwjJ AqGB8XV0L7MrgVY/psdhVJVRLCCmi9ZRXEStlloRwdUcOivpzNhM+SG/em3IigAC/3bJ PEsFOKlWKy+fHNYQlnzToTPDFhvytnMJlSHibKlE5/NBPsGTiVAzR7pxETfA6tG+/GS8 NMqeFwOEPQ/78KnQ2vk5+FBT/f9A861nJrsxumVvE31nW3O3RPCMqRvBNBiHe74Ad2PZ I+XA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763052436; x=1763657236; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Us5HoN/qdA3mKhPdaA7fSx8JzcXyocM/DvijtuwKJns=; b=lD8LborViXBqL6nxTio/QYxuLJEXuGR/O8gdiDhqmlgMnq1TTm6km5iUpHUoT27gq7 1ZdCmJnKyvxNhAoJr9ojSZ1VzvE9mFgmXAMkLkzyzqI/5RRjIpQbh9XH0zXGdoTat/19 1zV1Vpmh+tjpNi7N0fj3D2i3x0ekPcp0Yi++bkiuUkkA7pJSvV/FQkLlRYWiNpSVTvQe 95mUnSMCGsr0Ezbn0vzdUllSzcA/hrY8ZMz7qKJfzpCvnNY8h/Dfx1T2kws5joADXxzY fi7UW9m3i2zOkLgyNhtY5s/oZPmrP9RnV3Tq2qil4iy7zltZfqA9FooTbwQZQnfoOsNu gS/w== X-Forwarded-Encrypted: i=1; AJvYcCUve9h7Qm9l35YNfv4oynCagNGpWFCsFiIejSSzJHGiAqZz+K8bSlswrl3pxO2ZyyN3yqqUOnzvU/pv@lists.postgresql.org X-Gm-Message-State: AOJu0Yz0RrPahhr2qqS4xUJtWWtQh30KIuQGByGzmc58SUlpI2FT3Fdk obtVUTcj42K1fB17mikpVHpJ1DW9JUxeWhIXM/3bcIL0eDrOrs+piXVa X-Gm-Gg: ASbGnctw0aR4uXxmQDMLIrE+9ukgCQBri2fwvwx8honAANnK4Tpq3vOfigTcupCdsua b8/rZRuEYg9VtWi55UqM3/s16H3Qr7pDxboZNkikDv1LfWgBTp79X3iJZCJIf9cvun+G2Q3SFT+ Gf5Y3S8H51vnCOf+FIGz7I6VBLM8WmvtXlc/D3nXKmLfUknZ82ooRksQAGyeZryTg0o5NZSmhNT h7sOavZH1RkvgHqE0rXlXIol49hBICYXiFcPCZB+AVn86pyaj7ZeJQ8POCsk7ibWxDMx6FZ6EVG B6QK3ZjNgQlU9Zw8qYfspuTNJCM+e+ZfLIa+wM5zB2/AlTP0RkfdqqNtkMPxHMl/IQVc7iWr9Fd Y68Baa9Itbx4XzrRdXaQfXy8iQPvA+YVaHrshv+ix5ChDad7AeWBppd4oxZK9xmJt0tzCLc+EKw CHAY1nJIV/j4Df+hlKHsb3Fz7A79u1JGLOiDMyzt/BVWBXEotk+dET6DbjExdbjH0L/g== X-Google-Smtp-Source: AGHT+IHNho3h3SX601vcu2LxFnAj+WUYOgYAO8v16awrhvTg7YgwrRlanHScvIQrIi4xEXYrngEU/A== X-Received: by 2002:a05:6e02:12e5:b0:433:7e03:3ecd with SMTP id e9e14a558f8ab-4348c93e2b5mr2145305ab.27.1763052436393; Thu, 13 Nov 2025 08:47:16 -0800 (PST) Received: from nathan (162-195-168-172.lightspeed.stlsmo.sbcglobal.net. [162.195.168.172]) by smtp.gmail.com with ESMTPSA id 8926c6da1cb9f-5b7bd33093bsm888101173.42.2025.11.13.08.47.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 08:47:15 -0800 (PST) Date: Thu, 13 Nov 2025 10:47:14 -0600 From: Nathan Bossart To: "David G. Johnston" Cc: Tom Lane , "Ing. Marijo Kristo" , PostgreSQL Bug List Subject: Re: =?utf-8?B?wqAgUmU=?= =?utf-8?Q?=3A?= Re: Revoke Connect Privilege from Database not working Message-ID: References: <3467676.1744041977@sss.pgh.pa.us> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="0180Z+uLTgRXM/m1" Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --0180Z+uLTgRXM/m1 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit On Mon, Apr 07, 2025 at 09:22:45AM -0700, David G. Johnston wrote: > On Mon, Apr 7, 2025 at 9:06 AM Tom Lane wrote: >> I believe what's going on there is explained by the rule that >> "grants and revokes done by a superuser are done as if issued >> by the object owner". So here, what would be revoked is >> test_user=c/postgres, which isn't the privilege at issue. >> Include GRANTED BY in the REVOKE to override the default >> choice of grantor. > > The command in question did include "granted by" which is why this is a > bug. The explicit granted by specification is being ignored if the > invoking user is a superuser. This is admittedly a half-formed idea, but perhaps we could have whatever's specified in GRANTED BY override select_best_grantor(), like in the attached patch. I've no idea if this is the intention of the standard, but it should at least address the reported issue. FWIW I recently received an independent report about the same thing. -- nathan --0180Z+uLTgRXM/m1 Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=v1-0001-GRANTED-BY.patch