| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Q on SELECT column list pushdown from view to table |
| Date: | 2025-03-26 20:36:55 |
| Message-ID: | 1776634.1743021415@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net> writes:
> Am Tue, Mar 25, 2025 at 06:55:34PM -0400 schrieb Tom Lane:
>> Works fine if you don't mess with the view's security_invoker
>> status.
> I know but doing so was kind of the point.
[ shrug... ] It's not going to work. When the view is inlined into
the calling query, you end up with the exact equivalent of
select public_col from (
select
public_col,
private_col
from
t_partially_private
) as v_partially_private;
With the normal security_definer view processing, the reference
to t_partially_private is treated with the privileges of
v_partially_private's owner, and all is well. But with
security_invoker, the whole thing is treated with the caller's
privileges, and so the reference to private_col fails.
It is intentional that this happens even if the reference to
private_col is subsequently optimized away. To do otherwise
would make implementation artifacts in the optimizer far too
visible, and there's also a very strong case that it would
violate the SQL standard.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Karsten Hilbert | 2025-03-26 21:14:29 | Re: Q on SELECT column list pushdown from view to table |
| Previous Message | Christophe Pettus | 2025-03-26 20:30:02 | Re: Trying to dynamically create a procedure |