| From: | Stephan Szabo <sszabo(at)megazone23(dot)bigpanda(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Sergey Holod <sss(at)radiocom(dot)net(dot)ua>, <pgsql-sql(at)postgresql(dot)org> |
| Subject: | Re: Making "SECURITY DEFINER" procedures.. - SOLVED |
| Date: | 2003-04-30 04:55:24 |
| Message-ID: | 20030429215026.I66727-100000@megazone23.bigpanda.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
On Wed, 30 Apr 2003, Tom Lane wrote:
> Sergey Holod <sss(at)radiocom(dot)net(dot)ua> writes:
> > GRANT USAGE ON schema data TO rcbilling;
> > Don't fully undestand why I need that, but It works..
>
> Okay, that's the same bug we found just a couple days ago. Schema-usage
> errors are checked at query parse time, not execution time, and the
> foreign-key triggers weren't being careful to set the right context for
> those checks. There's a fix in place for 7.3.3.
As a more general question, as what user should triggers from an action
inside a security definer function be run as? The fk triggers will work
after changing the place the permissions are changed, but afaics user
after triggers won't unless the trigger function is also security definer.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Richard Huxton | 2003-04-30 09:26:51 | Re: rules question |
| Previous Message | Tom Lane | 2003-04-30 04:10:37 | Re: Making "SECURITY DEFINER" procedures.. - SOLVED |