| From: | Mark Volpe <volpe(dot)mark(at)epamail(dot)epa(dot)gov> |
|---|---|
| To: | Rick Delaney <rick(at)consumercontact(dot)com> |
| Cc: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Re: Permissions for foreign keys |
| Date: | 2001-01-31 15:42:59 |
| Message-ID: | 3A783283.6B408FD9@epamail.epa.gov |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
The problem is fixed in the 7.1 beta series.
Rick Delaney wrote:
>
> I'm using 7.0 and have noticed that I need to grant SELECT and UPDATE
> permissions on any referentially-related tables. Can/should I get
> around this? A somewhat contrived example:
>
> CREATE TABLE emp (
> id integer PRIMARY KEY,
> salary integer
> );
> CREATE TABLE proj (
> id integer PRIMARY KEY,
> emp_id integer REFERENCES emp
> );
> CREATE TABLE bill (
> id integer PRIMARY KEY,
> proj_id integer REFERENCES proj
> );
> INSERT INTO emp VALUES (1, 100000);
> INSERT INTO proj VALUES (1, 1);
> INSERT INTO bill VALUES (1, 1);
>
> GRANT ALL ON proj TO someone;
>
> Connect as someone:
> => INSERT INTO proj VALUES (2, 1);
> ERROR: emp: Permission denied.
> => UPDATE proj SET id = 2;
> ERROR: bill: Permission denied.
>
> It appears that I need to grant:
> SELECT,UPDATE on emp to UPDATE or INSERT into proj.
> SELECT,UPDATE on bill to UPDATE proj.
>
> When I grant these permissions, the above statements succeed.
>
> If I don't want users to have UPDATE (or even SELECT) access on the
> other tables (bill and emp), but I want referential integrity, what can
> I do?
>
> --
> Rick Delaney
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ross J. Reedstrom | 2001-01-31 15:50:24 | Re: Permissions for foreign keys |
| Previous Message | Albert REINER | 2001-01-31 15:17:22 | 7.0.2-docs: textpos -> strpos |