| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Markus Wanner <markus(at)bluegap(dot)ch>, PostgreSQL-development Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: WIP: Column-level Privileges |
| Date: | 2008-11-02 12:53:40 |
| Message-ID: | 20081102125340.GT4452@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > ... A case I just realized might be an issue is
> > doing a 'select 1 from x;' where you have *no* rights on x, or any
> > columns in it, would still get you the rowcount.
>
> Well, if you have table-level select on x, I would expect that to work,
> even if your privs on every column of x are revoked. If the patch
> doesn't get this right then it needs more work ...
Table-level select on x is equivilant to having column-level select on
every column, per the spec. The issue here, that I'm planning to fix
shortly, is that you could get a rowcount without having table-level or
column-level select rights on the table.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2008-11-02 13:13:32 | Re: WIP: Column-level Privileges |
| Previous Message | Martijn van Oosterhout | 2008-11-02 10:53:17 | Re: Well done, Hackers |