Re: rights for schema

From: Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>
To: Philipp Kraus <philipp(dot)kraus(at)flashpixx(dot)de>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: rights for schema
Date: 2012-12-31 21:18:11
Message-ID: 50E20113.9010706@gmail.com
Lists: pgsql-general

On 12/31/2012 09:02 AM, Philipp Kraus wrote:
>
> On 31.12.2012 at 15:54, Adrian Klaver wrote:
>
>> On 12/31/2012 05:41 AM, Philipp Kraus wrote:
>>>
>>> On 31.12.2012 at 02:11, Adrian Klaver wrote:
>>>
>>
>>>>
>>>> Actually as of 9.0 that is not strictly true:
>>>> http://www.postgresql.org/docs/9.2/interactive/sql-alterdefaultprivileges.html
>>>
>>> I have created a view to access a table and rules to modify the
>>> base table. The table has got a trigger.
>>> If I run an update on the view, I get an error "permission denied"
>>> for the trigger call. My user modifies
>>> only the "view", so does the user also get access to the trigger
>>> (execution right)? IMHO the trigger is run
>>> by postgres itself, so the user doesn't need a right on the trigger.
>>
>> Was the error for the trigger or the function the trigger called?
>
> ERROR: permission denied for schema usermanagement
>
> usermanagement is a schema and the base table calls a function within
> this schema, this
> checks if the user is super user with
>
> select current_setting('is_superuser') = 'on' into l_issuper;

So the issue was that the user calling the function did not have access
to the schema usermanagement. It is also possible the user did not have
EXECUTE privileges on the function either. From your subsequent post I
see you discovered SECURITY DEFINER. This works, as you found out.
Just be aware that if the user that defined the function is a super user
the function has their privileges and all that implies.

--
Adrian Klaver
adrian(dot)klaver(at)gmail(dot)com
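
The situation discussed in this message, as an added example that is not part of the original email: a trigger function that calls into schema `usermanagement` fails for an unprivileged caller, followed by the two ways to resolve it. Every name except the schema `usermanagement` and the `is_superuser` check is hypothetical (`app_user`, `um_owner`, `accounts`, `accounts_guard`, `caller_is_superuser`).

```sql
-- Constructed setup; every name except schema "usermanagement" is hypothetical.
CREATE ROLE app_user LOGIN;       -- unprivileged caller
CREATE ROLE um_owner NOLOGIN;     -- non-superuser owner used by fix B
CREATE SCHEMA usermanagement;
CREATE TABLE public.accounts (id int PRIMARY KEY, name text);
GRANT SELECT, UPDATE ON public.accounts TO app_user;

-- Helper in the restricted schema, using the check quoted in the thread.
CREATE FUNCTION usermanagement.caller_is_superuser() RETURNS boolean
LANGUAGE plpgsql AS $$
DECLARE l_issuper boolean;
BEGIN
    SELECT current_setting('is_superuser') = 'on' INTO l_issuper;
    RETURN l_issuper;
END $$;

-- Trigger function: by default its body runs with the privileges of the user
-- whose UPDATE fired the trigger, so the schema lookup is checked for app_user.
CREATE FUNCTION public.accounts_guard() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    IF NOT usermanagement.caller_is_superuser() THEN
        RAISE NOTICE 'non-superuser update on accounts';
    END IF;
    RETURN NEW;
END $$;

CREATE TRIGGER accounts_guard BEFORE UPDATE ON public.accounts
    FOR EACH ROW EXECUTE PROCEDURE public.accounts_guard();

-- As app_user, "UPDATE public.accounts SET name = 'x';" now fails with:
--   ERROR: permission denied for schema usermanagement

-- Fix A: give the caller exactly the access the trigger body needs.
GRANT USAGE ON SCHEMA usermanagement TO app_user;
GRANT EXECUTE ON FUNCTION usermanagement.caller_is_superuser() TO app_user;

-- Fix B (use instead of A): run the trigger function as its owner.
-- The owner is a dedicated non-superuser role, so the function carries only
-- that role's privileges; search_path is pinned for the definer context.
ALTER FUNCTION public.accounts_guard() OWNER TO um_owner;
GRANT USAGE ON SCHEMA usermanagement TO um_owner;
ALTER FUNCTION public.accounts_guard()
    SECURITY DEFINER SET search_path = pg_catalog, pg_temp;
```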
