PostgreSQL Bugs

Collected from the PG bugs email list.

Bug ID:      16124
PG Version:  11.5
OS:          NixOS
Opened:      2019-11-18 14:44:37+00
Reported by: John Doe
Status:      New

Body of first available message related to this bug follows.

The following bug has been logged on the website:

Bug reference:      16124
Logged by:          John Doe
Email address:      (redacted)
PostgreSQL version: 11.5
Operating system:   NixOS
Description:        

Altering default privileges in a specific schema to revoke all privileges on
types from PUBLIC does nothing.

Steps to reproduce:

- Connect as superuser and execute:

CREATE ROLE ownerrole WITH INHERIT LOGIN PASSWORD 'ownerrole';
CREATE ROLE approle WITH INHERIT LOGIN PASSWORD 'approle';
CREATE DATABASE test1 ENCODING = 'UTF8' OWNER = ownerrole;
CREATE DATABASE test2 ENCODING = 'UTF8' OWNER = ownerrole;

Test 1

- Setup: Connect as ownerrole to test1 and execute the following commands:

CREATE SCHEMA myschema;
GRANT ALL PRIVILEGES ON SCHEMA myschema TO approle;
ALTER DEFAULT PRIVILEGES
    FOR ROLE ownerrole
    IN SCHEMA myschema
    REVOKE ALL PRIVILEGES ON TYPES FROM PUBLIC;
CREATE DOMAIN myschema.comment AS text;

- Test: connect as approle to test1 and execute the following command:

CREATE TABLE myschema.table(
    comment myschema.comment
);

- Actual result:

The myschema.table table is created.

- Expected result:

The table creation should fail due to the following error:
ERROR:  permission denied for type myschema.comment

- Notes:

$ psql -U ownerrole -d test1
psql (11.5)
Type "help" for help.

test1=> \ddp
         Default access privileges
 Owner | Schema | Type | Access privileges 
-------+--------+------+-------------------
(0 rows)


Test 2

- Setup: Connect as ownerrole to test2 and execute the following commands
(ALTER DEFAULT PRIVILEGES is not specific to any schema):

CREATE SCHEMA myschema;
GRANT ALL PRIVILEGES ON SCHEMA myschema TO approle;
ALTER DEFAULT PRIVILEGES
    FOR ROLE ownerrole
    REVOKE ALL PRIVILEGES ON TYPES FROM PUBLIC;
CREATE DOMAIN myschema.comment AS text;

- Test: connect as approle to test2 and execute the following command:

CREATE TABLE myschema.table(
    comment myschema.comment
);

- Actual result:

ERROR:  permission denied for type myschema.comment

- Expected result:

ERROR:  permission denied for type myschema.comment

- Notes:

$ psql -U ownerrole -d test2
psql (11.5)
Type "help" for help.

test2=> \ddp
             Default access privileges
   Owner   | Schema | Type |   Access privileges   
-----------+--------+------+-----------------------
 ownerrole |        | type | ownerrole=U/ownerrole
(1 row)
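
The PostgreSQL documentation for ALTER DEFAULT PRIVILEGES states that per-schema default privileges are added to the global defaults, so a per-schema REVOKE cannot remove a privilege that is granted globally, which matches the empty \ddp output in Test 1. The SQL below is an added example, not part of the original report: it audits what PUBLIC can still use and shows two forms that do restrict the domain. It reuses the report's names (ownerrole, myschema, myschema.comment); otherschema is hypothetical.

```sql
-- Added example. Run as ownerrole in test1 (names taken from the report).

-- 1. Default-privilege entries as stored in the catalog (what \ddp reads).
--    A NULL schema means the entry is global, not per-schema.
SELECT pg_get_userbyid(d.defaclrole) AS owner,
       n.nspname                     AS schema,
       d.defaclobjtype               AS objtype,   -- 'T' = type
       d.defaclacl                   AS acl
FROM pg_default_acl d
LEFT JOIN pg_namespace n ON n.oid = d.defaclnamespace;

-- 2. Types and domains in the schema that PUBLIC can still use.
--    A NULL typacl means the built-in default (USAGE to PUBLIC) applies.
--    Array types and table row types are skipped.
SELECT n.nspname AS schema,
       t.typname AS type_name,
       t.typacl
FROM pg_type t
JOIN pg_namespace n ON n.oid = t.typnamespace
WHERE n.nspname = 'myschema'
  AND t.typtype IN ('b', 'd', 'e', 'r')
  AND t.typcategory <> 'A'
  AND has_type_privilege('public'::name, t.oid, 'USAGE');

-- 3a. Restrict an existing domain explicitly.
REVOKE USAGE ON DOMAIN myschema.comment FROM PUBLIC;

-- 3b. For future types: revoke globally (the Test 2 form), then grant
--     back per schema where PUBLIC access is wanted.
ALTER DEFAULT PRIVILEGES
    FOR ROLE ownerrole
    REVOKE ALL PRIVILEGES ON TYPES FROM PUBLIC;
ALTER DEFAULT PRIVILEGES
    FOR ROLE ownerrole
    IN SCHEMA otherschema          -- hypothetical schema, must already exist
    GRANT USAGE ON TYPES TO PUBLIC;

-- 4. Re-run query 2; myschema.comment should no longer be listed.
```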

Messages

Date                   | Author                | Subject
2019-11-18 14:44:37+00 | PG Bug reporting form | BUG #16124: Altering default privileges problem
2019-11-18 15:31:21+00 | Tom Lane              | Re: BUG #16124: Altering default privileges problem