| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Luis Sousa <llsousa(at)ualg(dot)pt> |
| Cc: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-sql <pgsql-sql(at)postgresql(dot)org> |
| Subject: | Re: Permission on insert rules |
| Date: | 2002-11-13 14:27:01 |
| Message-ID: | 21306.1037197621@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
Luis Sousa <llsousa(at)ualg(dot)pt> writes:
> When inserting, using the rule, the insert that's defined on the rule
> works fine, but the insert defined inside the function, doesn't (that's
> the one that gives permssion denied).
Right. As of 7.3 you can fix this by making the function "setuid" (ie,
it runs with the permissions of the function owner, not the caller).
A rule's permission effects only extend as far as access rights to the
tables explicitly named in the rule. Evaluation of functions appearing
in the text of the rule is done normally --- ie, as the calling user
(unless you use the new setuid-function feature). There's been past
discussion about whether that's a good idea, but it would be quite
difficult to change it.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Luis Sousa | 2002-11-13 15:09:26 | Re: Permission on insert rules |
| Previous Message | Achilleus Mantzios | 2002-11-13 12:38:01 | Re: SET DEFAULT |