| From: | Richard Huxton <dev(at)archonet(dot)com> |
|---|---|
| To: | Simon Riggs <simon(at)2ndquadrant(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Permissions on aggregate component functions |
| Date: | 2005-01-28 08:36:34 |
| Message-ID: | 41F9F992.20508@archonet.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Simon Riggs wrote:
>>
>>Clearly this is a must-fix issue, but I'm wondering exactly where the
>>check should be enforced. Is it sufficient to check at the time of
>>CREATE AGGREGATE that the creator has appropriate rights, or do we need
>>to do it every time the aggregate is used?
>
>
> Well spotted.
>
> Check should be once for each SQL statement in which the function is
> attempted to be used. Otherwise, an administrator might revoke EXECUTE
> privilege on a function that was used as part of an AGGREGATE, then
> discover that the user could still execute it in the way you suggest.
Or some sort of CASCADE should be required.
--
Richard Huxton
Archonet Ltd
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2005-01-28 09:46:13 | Re: Continue transactions after errors in psql |
| Previous Message | Tom Lane | 2005-01-28 07:38:45 | Re: storage of compiled functions |