Skip site navigation (1) Skip section navigation (2)

grant with hierarchy option

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Subject: grant with hierarchy option
Date: 2009-10-29 23:24:22
Message-ID: 1256858663.9673.18.camel@vanquo.pezone.net (view raw or flat)
Thread:
Lists: pgsql-hackers
There is a gap in the permission scheme for inheritance setups.  Say you
have this:

CREATE TABLE persons (...);
CREATE TABLE employees (...) INHERITS (persons);

GRANT SELECT ON persons TO foo;

Then user foo can extract who the employees are using

SELECT * FROM persons EXCEPT SELECT * FROM ONLY persons;

With UPDATE permissions one could then even do moderately evil things
like only changing the employees.

Proper encapsulation would require that using ONLY is only permitted
when specifically allowed.  That is what GRANT SELECT WITH HIERARCHY
OPTION does, per SQL standard.  It is basically a funny spelling for
another privilege type that means "may use ONLY".

I think this would be the proper and useful thing to do, especially in
conjunction with the new recursive grant behavior.  There would probably
be some upgrading issues.  For example, GRANTs imported via pg_dump from
8.4 would probably need to change SELECT to SELECT WITH HIERARCHY
OPTION, and even that technically wouldn't cover all cases.

Comments?


Responses

pgsql-hackers by date

Next:From: Greg StarkDate: 2009-10-29 23:52:13
Subject: Re: WIP: push AFTER-trigger execution into ModifyTable node
Previous:From: Peter EisentrautDate: 2009-10-29 22:41:26
Subject: Re: \d+ for long view definitions?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group