| From: | Helge Bahmann <bahmann(at)math(dot)tu-freiberg(dot)de> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: execute permissions of stored procedures? |
| Date: | 2002-02-20 17:46:29 |
| Message-ID: | Pine.LNX.4.21.0202201833520.18297-100000@lothlorien.stunet2.tu-freiberg.de |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On a somewhat related issue: I wonder whether the current interaction
of rules and functions (especially trigger functions, but functions
used in CHECK constraints are affected as well) is really fortunate:
Suppose a query executed by user 'A' gets rewritten and the resulting
query executed with the privileges of user 'B' -- all functions
are still invoked with the privileges of user 'A'. Is this intentional?
I remember having to grant additional rights to user 'A' in some cases,
just to please some trigger procedures.
Wouldn't it be more useful to make a complete privilege transition to
user 'B' when rewriting the query? Honestly I cannot think of a case
where this would not be the desired behaviour (at least I think this is
the expected behaviour), perhaps someone can give a counter-example why
the current behaviour would be more correct?
Best regards
--
Helge Bahmann <bahmann(at)math(dot)tu-freiberg(dot)de> /| \__
Network admin, systems programmer /_|____\
_/\ | __)
$ ./configure \\ \|__/__|
checking whether build environment is sane... yes \\/___/ |
checking for AIX... no (we already did this) |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Griffiths | 2002-02-20 18:07:35 | Re: execute permissions of stored procedures? |
| Previous Message | Bruno Wolff III | 2002-02-20 17:18:17 | Re: |