Re: permissions denial to superuser with foreign keys

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Jeff Janes <jeff(dot)janes(at)gmail(dot)com>
Cc: Pg Bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: permissions denial to superuser with foreign keys
Date: 2017-11-03 19:47:50
Message-ID: 12118.1509738470@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Jeff Janes <jeff(dot)janes(at)gmail(dot)com> writes:
> I thought superusers bypassed permissions checks, but was surprised where
> in this case they do not:

This amounts to asking for superuser permissions to propagate into
SECURITY DEFINER functions called by the superuser, which strikes me
as an utterly horrid idea.

(RI triggers aren't actually implemented with the SECURITY DEFINER
mechanism, but they act like they are.)

regards, tom lane

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message vtap 2017-11-05 18:33:52 BUG #14887: initdb.exe seems to be infected by a virus
Previous Message Jeff Janes 2017-11-03 19:42:42 permissions denial to superuser with foreign keys