References and privileges

From: Kyle Bateman <kyle(at)actarg(dot)com>
To: wieck(at)debis(dot)com
Cc: pgsql-sql(at)postgresql(dot)org
Subject: References and privileges
Date: 2000-06-08 00:45:40
Message-ID: 393EECB4.49E68076@actarg.com
Lists: pgsql-sql

wieck(at)debis(dot)com (Jan Wieck) writes:
>> If one does:
>>
>> [...]
>> grant select on master to a_user;
>> grant select, insert, update, delete on detail to a_user;
>>
>> then if one logs in as "a_user" and does:
>>
>> insert into detail (id, master_id) values (1, 10);
>>
>> this will result in: "ERROR: master: Permission denied".
>>
>> This seems a bug to me? Isn't it?

> Ouch,

> yes, we missed something here. Peter, you said you'll
> probably work on the ACL stuff after 7.0. We need to
> coordinate that work with the function manager redesign to go
> for SETUID triggers and functions.

Hey Jan:

This one just bit me hard. We're trying to implement RI so a foreign
key (employee ID number) is verified to exist in the employee table.
Problem is, we have to grant everyone and their dog access to the
employee table (select, update, no less) which contains all kinds of
sensitive data about employees.

We even tried making a limited view of the employee table and
referencing that. No luck, the RI triggers try to find an OID column in
the referenced table (view). If we could name a column "oid" in a view,
we might have a chance with this approach.

How hard would it be to get the "grant references" thing going? Is
there anything I could do to help?

Grant permissions on columns would also solve this problem. Is that one
huge or not so huge?

Kyle
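
An added example, not part of the original message and not the PostgreSQL project's own code: the least-privilege arrangement the message asks about, written for PostgreSQL releases that enforce the REFERENCES privilege and column-level grants (an assumption; the server discussed in this thread predates both). Every role, table and column name other than employee is hypothetical, and the rows are constructed.

```sql
-- Run as a superuser in a scratch database.
-- Hypothetical roles: hr_owner owns the sensitive table, app_owner owns the
-- referencing table, a_user is an ordinary application login.
CREATE ROLE hr_owner;
CREATE ROLE app_owner;
CREATE ROLE a_user;
GRANT CREATE ON SCHEMA public TO hr_owner, app_owner;

SET ROLE hr_owner;
CREATE TABLE employee (
    emp_id  integer PRIMARY KEY,
    name    text,
    salary  numeric,   -- sensitive
    ssn     text       -- sensitive
);
INSERT INTO employee VALUES (10, 'Constructed Person', 50000, '000-00-0000');

-- Weak setting (the workaround described in the message), shown for contrast:
--   GRANT SELECT, UPDATE ON employee TO PUBLIC;
-- Narrow setting: only the table designer may point foreign keys at the key
-- column, and nobody gains read or write access to employee.
GRANT REFERENCES (emp_id) ON employee TO app_owner;
RESET ROLE;

SET ROLE app_owner;
CREATE TABLE timesheet (
    id      integer PRIMARY KEY,
    emp_id  integer NOT NULL REFERENCES employee (emp_id)
);
GRANT SELECT, INSERT, UPDATE, DELETE ON timesheet TO a_user;
RESET ROLE;

SET ROLE a_user;
-- a_user holds no privilege on employee; the referential check is executed
-- with the rights of employee's owner, so only INSERT on timesheet is needed.
INSERT INTO timesheet VALUES (1, 10);
-- No employee 99 exists, so the foreign key rejects this row.
INSERT INTO timesheet VALUES (2, 99);
-- Direct reads of the sensitive columns are refused for a_user.
SELECT salary FROM employee;
RESET ROLE;
```

Auditing the result with `\dp employee` in psql lists the column-level REFERENCES grant and confirms that a_user has no entry on the table.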
