From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>, Markus Wanner <markus(at)bluegap(dot)ch>, Alex Hunsaker <badalex(at)gmail(dot)com>, PostgreSQL-development Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: New patch for Column-level privileges |
Date: | 2009-01-08 20:34:51 |
Message-ID: | 20090108203451.GU26233@tamriel.snowman.net |
Lists: | pgsql-hackers |

Tom, et al,

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
> > ExecCheckRTEPerms() checks user's privileges on columns, when he does
> > not have required privileges on the table. When he has proper privileges
> > on all the appeared columns within the table, it is allowed.
> > But, when no columns are used on the table, it applies result of checks
> > on the table.
>
> Surely the SQL spec tells us what to do here (and I cannot believe this
> is it...)

Based on what I see in the SQL spec, we have to allow table references
like this when the user has SELECT rights on at least one column of the
table. If the column is referenced anywhere (SELECT clause, WHERE
clause, JOIN clause, through a NATURAL JOIN, etc) then the user must
have SELECT rights on the mentioned column(s).

I'm open to suggestions about how to handle this. My first thought
would be: add an entry to the cols_sel list for the RTE that is special
and indicates "any column", perhaps by using a '0' for the attrid, as is
done elsewhere. Then modify ExecCheckRTEPerms() to handle it.

Thanks,
Stephen
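
The rule described in this message, as a simplified model added here; it is not part of the original e-mail and is not PostgreSQL source. `RtePerms`, `check_rte_select` and `ANY_COLUMN` are hypothetical names, the grants are constructed sample data, and denying an empty column list is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define ANY_COLUMN 0  /* sentinel attribute number: table referenced, no column named */

/* Hypothetical, simplified model of one range-table entry's SELECT check data. */
typedef struct {
    bool        table_select;  /* SELECT granted on the whole table */
    const bool *col_select;    /* col_select[i]: SELECT granted on column i + 1 */
    size_t      ncols;
    const int  *cols_sel;      /* columns the query references; may hold ANY_COLUMN */
    size_t      ncols_sel;
} RtePerms;

static bool has_any_column_select(const RtePerms *rte)
{
    for (size_t i = 0; i < rte->ncols; i++)
        if (rte->col_select[i])
            return true;
    return false;
}

/* Returns true when the query's reference to the table is permitted. */
bool check_rte_select(const RtePerms *rte)
{
    if (rte->table_select)
        return true;                 /* table-level grant covers every column */
    if (rte->ncols_sel == 0)
        return false;                /* assumption: an empty list fails closed */
    for (size_t i = 0; i < rte->ncols_sel; i++) {
        int attno = rte->cols_sel[i];
        if (attno == ANY_COLUMN) {
            if (!has_any_column_select(rte))
                return false;        /* no column grant at all on this table */
        } else if (attno < 1 || (size_t) attno > rte->ncols ||
                   !rte->col_select[attno - 1]) {
            return false;            /* out-of-range or ungranted column */
        }
    }
    return true;
}

int main(void)
{
    const bool grants[] = { false, true, false };  /* constructed: SELECT on column 2 only */
    const int  none_named[] = { ANY_COLUMN }, col1[] = { 1 };
    RtePerms a = { false, grants, 3, none_named, 1 }, b = { false, grants, 3, col1, 1 };
    printf("no column named: %d, column 1 named: %d\n", check_rte_select(&a), check_rte_select(&b));
}
```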