| From: | Olleg Samoylov <olleg(at)mipt(dot)ru> |
|---|---|
| To: | Richard Huxton <dev(at)archonet(dot)com> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #1610: rewrite rule and sequence |
| Date: | 2005-04-25 10:31:19 |
| Message-ID: | 426CC6F7.9000402@mipt.ru |
| Lists: | pgsql-bugs pgsql-docs |
Richard Huxton wrote:
> Hmm - perhaps the documentation needs expanding. Certainly, if your view
> references functions you need to make sure permissions are set correctly
> on those.
>
> How about changes along the lines of:
>
> Ch 33.4, para 2
> "... Relations that are used due to rules get checked against the
> privileges of the rule owner, not the user invoking the rule. This means
> that a user only needs the required privileges for the objects[1] that
> he names explicitly in his queries."
>
> then
>
> "[1] This includes permissions on tables and views you reference in your
> view definition. It might also include execute permissions on any
> functions referenced, and for updates, permissions on any sequences.
> This includes sequences automatically created by use of the SERIAL type."
<quote> only needs the required privileges for the objects that
he names explicitly in his queries.</quote>
Sequences for the serial type are not explicitly mentioned in queries. I expect
the same behavior for rules as for functions with the "SECURITY DEFINER"
parameter.
--
Olleg Samoylov
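
The situation discussed in this thread, as an added example that is not part of the original message: a view with an INSERT rule over a table whose key is a SERIAL column, used by a role that holds privileges on the view only. The role and object names (`rule_owner`, `app_user`, `items`, `items_v`) are hypothetical, and the `GRANT ... ON SEQUENCE` form and `has_sequence_privilege()` assume a PostgreSQL release newer than the one current when this thread was written.

```sql
-- Constructed example; run as a superuser in a scratch database.
-- All role and object names are hypothetical.
CREATE ROLE rule_owner;
CREATE ROLE app_user;
GRANT CREATE ON SCHEMA public TO rule_owner;

-- The rule owner creates the table, the view and the rewrite rule.
SET ROLE rule_owner;
CREATE TABLE items (id serial PRIMARY KEY, name text NOT NULL);
CREATE VIEW items_v AS SELECT id, name FROM items;
CREATE RULE items_v_ins AS ON INSERT TO items_v
    DO INSTEAD INSERT INTO items (name) VALUES (NEW.name);

-- The invoking user gets privileges on the view only, which is all the
-- quoted documentation sentence says is needed.
GRANT SELECT, INSERT ON items_v TO app_user;
RESET ROLE;

-- Audit step: list what app_user holds on each object the rule touches.
-- The sequence behind items.id is never named in app_user's query.
SELECT has_table_privilege('app_user', 'items_v', 'INSERT')          AS view_insert,
       has_table_privilege('app_user', 'items', 'INSERT')            AS table_insert,
       has_sequence_privilege('app_user', 'items_id_seq', 'USAGE')   AS seq_usage;

-- The case from the bug report: access to items is checked against
-- rule_owner, but the nextval() call in the column default is evaluated
-- with app_user's privileges on items_id_seq.
SET ROLE app_user;
INSERT INTO items_v (name) VALUES ('first');
RESET ROLE;

-- The grant described in the proposed footnote: give the invoking role
-- the sequence privilege explicitly, and nothing on the base table.
SET ROLE rule_owner;
GRANT USAGE ON SEQUENCE items_id_seq TO app_user;
RESET ROLE;

SET ROLE app_user;
INSERT INTO items_v (name) VALUES ('second');
SELECT id, name FROM items_v;
RESET ROLE;
```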