From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | Merlin Moncure <mmoncure(at)gmail(dot)com> |
Cc: | Hannu Krosing <hannu(at)2ndquadrant(dot)com>, Tomonari Katsumata <katsumata(dot)tomonari(at)po(dot)ntts(dot)co(dot)jp>, Szymon Guz <mabewlun(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: How to create read-only view on 9.3 |
Date: | 2013-08-13 16:23:05 |
Message-ID: | 520A5D69.8030305@dunslane.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 08/13/2013 12:09 PM, Merlin Moncure wrote:
> On Tue, Aug 13, 2013 at 10:12 AM, Hannu Krosing <hannu(at)2ndquadrant(dot)com> wrote:
>> On 08/13/2013 03:25 PM, Merlin Moncure wrote:
>>> I chatted about this on IRC for a bit. Apparently, updatability of
>>> views is a mandatory feature in the sql standard and by relying on the
>>> read-only-ness you were relying on non-standard behavior essentially.
>>> I admit this is a pretty big pain (and I'm a real stickler for
>>> backwards compatibility) but it's pretty hard to argue with the
>>> standard. Workarounds are to revoke various privileges.
>> Perhaps pg_dump from 9.3 should add REVOKE ALL ...; GRANT SELECT ...;
>> when dumping views from older postgreSQL versions ?
> I thought so initially until I learned that views are expressly
> read-write per the standard; we're not changing behavior but
> implementing required functionality. So (at the least) I don't think
> it's fair to expect users who don't care about this point to have to
> go re-GRANT the appropriate privs -- so if you did that I think it
> would have to be an optional switch to pg_dump. That said, it's
> pretty much a given this is going to burn some people and given the
> potential security considerations maybe some action is warranted.
> Personally, I'd be satisfied with a dump time warning though or
> perhaps a strongly worded note in the documentation?
>
>
In any case, using permissions is a somewhat leaky bandaid, since
superusers have overriding access privileges anyway. A better way to do
what the OP wants might be to have a view trigger that raises an exception.
cheers
andrew
From | Date | Subject | |
---|---|---|---|
Next Message | 'Bruce Momjian' | 2013-08-13 16:49:33 | Re: 9.3 release notes suggestions |
Previous Message | Merlin Moncure | 2013-08-13 16:09:27 | Re: How to create read-only view on 9.3 |