| From: | "Wetmore, Matthew (CTR)" <Matthew(dot)Wetmore(at)evernorth(dot)com> |
|---|---|
| To: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, "maxim(dot)boguk(at)gmail(dot)com" <maxim(dot)boguk(at)gmail(dot)com>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view |
| Date: | 2024-03-12 13:51:46 |
| Message-ID: | d4ea4f8641a8486e899a3a4f42447ba4@evernorth.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
> I guess we need to allow creating such internal temporary tables,
> despite the missing permission. That'll need some careful analysis to
> make sure we don't accidentally allow creating other temporary tables...
Wouldn't it be sufficient to document that fact, perhaps add an error hint and require the MV owner to have TEMP on the database?
That's not an outrageous requirement, and it couldn't open any security back doors.
Agree. We already have to create a new user (well, that’s what I do) for MV's anyway for the REFRESH by owner only, it would not be a burden to adjust that ROLE's settings at time of creation. The doco is completely clear about MV owner, we can just add to that note to make sure CREATE permission too.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-03-12 14:08:14 | Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view |
| Previous Message | Laurenz Albe | 2024-03-12 12:22:33 | Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view |