From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Markus Wanner <markus(at)bluegap(dot)ch>, PostgreSQL-development Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: WIP: Column-level Privileges |
Date: | 2008-11-02 04:13:14 |
Message-ID: | 20081102041314.GS4452@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Markus, et al,
* Stephen Frost (sfrost(at)snowman(dot)net) wrote:
> I also wonder if you could use joins or something
> to extract information about columns you're not supposed to have access
> to, or where clauses, etc..
welp, I've done some additional testing and there's good news and bad, I
suppose. The good news is that when relations are join'd, they go
through expandRelation, which adds all the columns in that relation to
the 'required' set, so you have to have rights to all columns on a table
to join against it in the normal way.
On the other hand, you can just select out the columns you have access
to in a subquery and then join against *that* and it works. updates
with where clauses and inserts-with-selects seem to work correctly
though, which is nice. A case I just realized might be an issue is
doing a 'select 1 from x;' where you have *no* rights on x, or any
columns in it, would still get you the rowcount. That might not be too
hard to fix though, I'll look into it tomorrow sometime.
Thanks,
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Hitoshi Harada | 2008-11-02 04:19:37 | Re: Windowing Function Patch Review -> Performance Comparison. |
Previous Message | Stephen Frost | 2008-11-02 03:45:17 | Re: WIP: Column-level Privileges |