From: | Lieven Van Acker <lieven(at)elisa(dot)be> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: View permissions in 7.1 |
Date: | 2001-05-03 21:41:03 |
Message-ID: | 3AF1D06E.2E5F4A28@elisa.be |
Lists: | pgsql-general pgsql-patches |
> Okay, the example you sent me off-list turns out to exhibit one bug
> and one not-yet-implemented feature. There is a bug in permissions
> checking for insert/update/delete rules (any references therein to
> NEW or OLD should be checked against the rule owner, not the calling
> user). A patch for that is attached.

Thanks, I'll apply it.

> However, you were also expecting
> that an SQL function call would provide "setuid" behavior, and it
> doesn't. (I believe changing that is on the TODO list.) In the
> meantime, you'd need to replace the current_adm() function call in your
> adm_base view rules with explicit subselects, so that the accesses to
> the "users" table are checked against the rule owner rather than the
> calling user.

Well, in fact, at this point I don't need setuid, because the function current_adm() has to look up the effective uid of the calling user. The point is I want to filter the records depending on the uid of the user calling the top-level view. So, as far as I can understand, views that are called by other views still run within the same session, thus returning the effective uid, right?

Kind Regards,
Lieven.
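
The arrangement discussed in this message, as an added example that is not code from the thread: a top-level view over an inner view that filters rows with an explicit subselect on `current_user`, so that base-table access is checked against the view owner while the filter follows the calling user. Apart from `adm_base` and `users`, every role, schema, table and column name is constructed, and the script assumes a current PostgreSQL release run from a superuser session.

```sql
-- Constructed roles: one owner for all objects, two unprivileged callers.
CREATE ROLE adm_owner NOLOGIN;
CREATE ROLE alice NOLOGIN;
CREATE ROLE bob NOLOGIN;

CREATE SCHEMA demo AUTHORIZATION adm_owner;
GRANT USAGE ON SCHEMA demo TO alice, bob;

SET ROLE adm_owner;

-- Maps a database user name to the administration it belongs to.
CREATE TABLE demo.users (
    usename name PRIMARY KEY,
    adm_id  integer NOT NULL
);
CREATE TABLE demo.records (
    id      serial PRIMARY KEY,
    adm_id  integer NOT NULL,
    payload text NOT NULL
);
INSERT INTO demo.users VALUES ('alice', 1), ('bob', 2);
INSERT INTO demo.records (adm_id, payload)
VALUES (1, 'row for adm 1'), (2, 'row for adm 2');

-- Inner view: the lookup in "users" is an explicit subselect inside the
-- view, so the privilege check on "users" is made against the view owner.
-- current_user is still evaluated as the role that issued the query.
CREATE VIEW demo.adm_base AS
    SELECT r.id, r.adm_id, r.payload
    FROM demo.records r
    WHERE r.adm_id = (SELECT u.adm_id
                      FROM demo.users u
                      WHERE u.usename = current_user);

-- Top-level view: the only object the callers are granted access to.
CREATE VIEW demo.adm_top AS
    SELECT id, payload FROM demo.adm_base;

GRANT SELECT ON demo.adm_top TO alice, bob;
RESET ROLE;

-- Query as each caller; neither holds any privilege on users, records
-- or adm_base, only SELECT on adm_top.
SET ROLE alice;
SELECT current_user, id, payload FROM demo.adm_top;
RESET ROLE;

SET ROLE bob;
SELECT current_user, id, payload FROM demo.adm_top;
RESET ROLE;
```

Running `SELECT * FROM demo.users` as `alice` or `bob` is a useful negative check that the callers hold no direct privilege on the lookup table.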