From: | Lieven Van Acker <lieven(at)elisa(dot)be> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: View permissions in 7.1 |
Date: | 2001-05-03 22:53:03 |
Message-ID: | 3AF1E14F.1AF06C47@elisa.be |
Lists: | pgsql-general pgsql-patches |
Tom Lane wrote:
> Lieven Van Acker <lieven(at)elisa(dot)be> writes:
> > Well, in fact, - at this point - I don't need setuid, because the
> > function current_adm() has to look up the effective uid of the calling
> > user. The point is I want to filter the records depending on the uid
> > of the user calling the top-level view. So as I can understand, views
> > that are called by other views run still within the same session -
> > thus returning the effective uid, right?
>
> The problem is that current_adm() fails for lack of read access on the
> users table, when it's invoked on behalf of the unprivileged user.
>
You're right. I forgot to grant select priv's to public!
>
> I think that what you really want to be using for the lookup is
> SESSION_USER not CURRENT_USER. There's no difference at the moment,
> but there will be once we have setuid functions ...
>
Thanks for pointing this out. I'll have to change this to use the session_user!
>
> regards, tom lane
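
The distinction discussed in this message, as an added example that is not part of the original e-mail or of the poster's schema: a view filters rows through current_adm(), written once against current_user and once against session_user. It assumes a PostgreSQL release that supports SECURITY DEFINER functions (not 7.1) and a superuser session in a scratch database; the demo schema, the table columns, the records table, the my_records view, the roles and current_adm_cu() are hypothetical names.

```sql
-- Constructed demo data and names; only current_adm() and a "users" table
-- are mentioned in the thread.
CREATE ROLE adm_owner;
CREATE ROLE alice;
CREATE SCHEMA demo AUTHORIZATION adm_owner;
GRANT USAGE ON SCHEMA demo TO alice;

SET ROLE adm_owner;
CREATE TABLE demo.users   (uname name PRIMARY KEY, adm_id int NOT NULL);
CREATE TABLE demo.records (adm_id int NOT NULL, payload text);
INSERT INTO demo.users   VALUES ('alice', 1), ('bob', 2);
INSERT INTO demo.records VALUES (1, 'alice row'), (2, 'bob row');

-- Variant keyed on current_user. While a SECURITY DEFINER function runs,
-- current_user is the function owner (adm_owner), which has no row in
-- demo.users, so the lookup matches nothing for any caller.
CREATE FUNCTION demo.current_adm_cu() RETURNS int
  LANGUAGE sql STABLE SECURITY DEFINER
  SET search_path = demo, pg_temp
  AS $$ SELECT adm_id FROM demo.users WHERE uname = current_user $$;

-- Variant keyed on session_user, which stays the role that opened the
-- session even while the function body runs with the owner's privileges.
CREATE FUNCTION demo.current_adm() RETURNS int
  LANGUAGE sql STABLE SECURITY DEFINER
  SET search_path = demo, pg_temp
  AS $$ SELECT adm_id FROM demo.users WHERE uname = session_user $$;

-- Top-level view that filters on the caller's identity. alice gets SELECT
-- on the view only; no grant on demo.users or demo.records is needed,
-- because the function reads demo.users as adm_owner and the view reads
-- demo.records as its owner.
CREATE VIEW demo.my_records AS
  SELECT payload FROM demo.records WHERE adm_id = demo.current_adm();
GRANT SELECT ON demo.my_records TO alice;
RESET ROLE;

-- Act as the unprivileged user and compare the two lookups.
SET SESSION AUTHORIZATION alice;
SELECT session_user, current_user;
SELECT demo.current_adm_cu() AS via_current_user,
       demo.current_adm()    AS via_session_user;
SELECT * FROM demo.my_records;
RESET SESSION AUTHORIZATION;

-- Clean up the scratch objects.
DROP SCHEMA demo CASCADE;
DROP ROLE alice;
DROP ROLE adm_owner;
```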