| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | "Battuello, Louis" <louis(dot)battuello(at)etasseo(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Re: Foreign Key Validation after Reference Table Ownership Change |
| Date: | 2018-03-21 16:50:23 |
| Message-ID: | CAKFQuwadYCNkn-q_OMHAVx=sSaTHyPbJLvxZgTo6j8w-FJ9HoA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, Mar 21, 2018 at 8:30 AM, Battuello, Louis <
louis(dot)battuello(at)etasseo(dot)com> wrote:
> So, user_2 needs usage on the schema containing its newly owned reference
> table even though user_1 is performing the insert on a table in the other
> schema? Interesting. I though the validation was only dependent on user_1's
> ACL.
>
It was the only thing that made sense, given the error, though I agree it
seems a bit odd.
I don't have time to experiment right now - but at a high level one would
think user_2 would need usage and create on schema_1 in order to be the
owner of an object in schema_1. There is no possible way for it to
actually create its own object there without such permissions - that a
superuser can do so leaves a possibility for a non-superuser dump/restore
problem.
Whether the system allows you too or not I'd advise the owner of objects
within a schema either own the schema too or have usage and create
permission thereon.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Vincenzo Romano | 2018-03-21 17:12:43 | Re: postgresql-10.3 on unbuntu-17.10 - how?? |
| Previous Message | Alessandro Aste | 2018-03-21 16:09:57 | Postgresql 10.3 , query never completes if LIMIT clause is specified and paralle processing is on |