Mark Stosberg <mark(at)summersault(dot)com> writes:
> # Explicitly grant access to the view.
> db=> grant select on entities_not_deleted to myuser;
> GRANT
> # Try again to use the view. Still fails
> db=> SELECT 1 FROM entities_not_deleted WHERE some_col = 'y';
> ERROR: permission denied for relation entities
What's failing is that the *owner of the view* needs, and hasn't got,
select access on the entities table. This is a separate check from
whether the current user has permission to select from the view.
Without such a check, views would be a security hole.
regards, tom lane