| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Donald Fraser" <demolish(at)cwgsy(dot)net> |
| Cc: | "[BUGS]" <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: Bugs with rules on views/tables: permission denied |
| Date: | 2003-02-24 20:29:17 |
| Message-ID: | 5303.1046118557@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin pgsql-bugs |
"Donald Fraser" <demolish(at)cwgsy(dot)net> writes:
> As USER chkrule do:
> Bugs=3D> INSERT INTO vu_tbl_test (id, s_text) VALUES('1','sometext');
> ERROR: vu_tbl_test: permission denied
What I get is
ERROR: test_func: permission denied
and the needed fix is to grant execute privilege on the function to the
calling user.
> If you give the USER chkrule UPDATE permissions on the view vu_tbl_test the=
> n the error at Scenario 1 goes away.
Not for me.
The reason it acts this way is that rule permissions apply to tables
mentioned in the rule, not to functions. This is at least partly for
historical reasons: functions didn't have permissions to check, back
when the rule system was designed. But I'm not sure that it's wrong.
In your example, the end user is controlling the arguments given to
test_func. If the rule allowed him to call test_func without having
permission to do so, there'd be the potential for security breaches.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sidar Lopez Cruz | 2003-02-24 20:39:33 | Windows and PostgreSQL |
| Previous Message | Stephen Harris | 2003-02-24 20:27:07 | ident sameuser failure |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Donald Fraser | 2003-02-24 22:38:29 | Re: Bugs with rules on views/tables: permission denied |
| Previous Message | Donald Fraser | 2003-02-24 16:23:27 | Re: Bugs with rules on views/tables: permission denied |