| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | noy <noyda(at)isoco(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Permissions problem |
| Date: | 2002-02-12 19:06:13 |
| Message-ID: | 22935.1013540773@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
noy <noyda(at)isoco(dot)com> writes:
> However, any user can make a select or update in the table "accounts".
Surely not.
test71=# select version();
version
------------------------------------------------------------------
PostgreSQL 7.1.3 on hppa2.0-hp-hpux10.20, compiled by GCC 2.95.3
(1 row)
test71=# create user foo;
CREATE USER
test71=# create user bar;
CREATE USER
test71=# \c - foo
You are now connected as new user foo.
test71=> create table accounts (f1 int);
CREATE
test71=> insert into accounts values(1);
INSERT 1587112 1
test71=> revoke all on accounts from public;
CHANGE
test71=> \z accounts
Access privileges for database "test71"
Table | Access privileges
----------+-------------------
accounts | {"=","foo=arwR"}
(1 row)
test71=> select * from accounts;
f1
----
1
(1 row)
test71=> \c - bar
You are now connected as new user bar.
test71=> select * from accounts;
ERROR: accounts: Permission denied.
test71=> update accounts set f1 = 2;
ERROR: accounts: Permission denied.
test71=>
Perhaps your "any user" is actually a superuser?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kumar Khare | 2002-02-12 19:58:14 | Add free-behind capability for large sequential scans |
| Previous Message | Bruce Momjian | 2002-02-12 18:27:03 | Re: [HACKERS] Feature enhancement request : use of libgda |