| From: | Mark Stosberg <mark(at)summersault(dot)com> |
|---|---|
| To: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Re: Need help revoking access WHERE state = 'deleted' |
| Date: | 2013-02-28 19:29:15 |
| Message-ID: | 512FB00B.7000706@summersault.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
On 02/28/2013 02:08 PM, Tom Lane wrote:
> Mark Stosberg <mark(at)summersault(dot)com> writes:
>> # Explicitly grant access to the view.
>> db=> grant select on entities_not_deleted to myuser;
>> GRANT
>
>> # Try again to use the view. Still fails
>> db=> SELECT 1 FROM entities_not_deleted WHERE some_col = 'y';
>> ERROR: permission denied for relation entities
>
> What's failing is that the *owner of the view* needs, and hasn't got,
> select access on the entities table. This is a separate check from
> whether the current user has permission to select from the view.
> Without such a check, views would be a security hole.
This was precisely our issue. Thanks, Tom.
I changed the owner of the view, and our approach is working now.
Mark
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Richard Huxton | 2013-03-01 14:32:07 | Re: Concatenating bytea types... |
| Previous Message | Tom Lane | 2013-02-28 19:08:12 | Re: Need help revoking access WHERE state = 'deleted' |