Re: grant with hierarchy option

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: grant with hierarchy option
Date: 2009-10-30 04:49:48
Message-ID: 1378.1256878188@sss.pgh.pa.us
Lists: pgsql-hackers

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> There is a gap in the permission scheme for inheritance setups. Say you
> have this:

> CREATE TABLE persons (...);
> CREATE TABLE employees (...) INHERITS (persons);

> GRANT SELECT ON persons TO foo;

> Then user foo can extract who the employees are using

> SELECT * FROM persons EXCEPT SELECT * FROM ONLY persons;

And this is a problem why exactly? It's entirely likely that
employee-ness can be determined just from what is visible in
the persons view, anyway. Not to mention tableoid.

> I think this would be the proper and useful thing to do, especially in
> conjunction with the new recursive grant behavior. There would probably
> be some upgrading issues. For example, GRANTs imported via pg_dump from
> 8.4 would probably need to change SELECT to SELECT WITH HIERARCHY
> OPTION, and even that technically wouldn't cover all cases.

That sounds like "this will break everything in sight, especially
pre-existing dump files" :-(

regards, tom lane
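
The two routes mentioned in this message (the quoted EXCEPT / ONLY query and tableoid), as an added example that is not part of the original thread. It assumes PostgreSQL 9.0 or later, where a query on a parent table checks only the parent's privileges, and a superuser session; the column definitions, sample rows and the view name persons_public are constructed for illustration.

```sql
-- Constructed schema and rows (the thread elides the column lists).
CREATE ROLE foo;
CREATE TABLE persons (id int PRIMARY KEY, name text);
CREATE TABLE employees (salary numeric) INHERITS (persons);
INSERT INTO persons   VALUES (1, 'alice');
INSERT INTO employees VALUES (2, 'bob', 50000);

GRANT SELECT ON persons TO foo;

SET ROLE foo;

-- Query from the quoted message: rows visible through the hierarchy
-- minus rows stored in the parent itself leaves the child-table rows.
SELECT * FROM persons EXCEPT SELECT * FROM ONLY persons;

-- The tableoid system column labels each row with the table that
-- physically stores it, so the same split needs no set operation.
SELECT tableoid::regclass AS stored_in, id, name FROM persons;

-- foo holds no privilege on the child, so child-only columns such as
-- salary stay out of reach; this statement is refused.
SELECT salary FROM employees;

RESET ROLE;

-- One way to audit who can read each level of the hierarchy.
SELECT c.relname,
       has_table_privilege('foo', c.oid, 'SELECT') AS foo_can_select
FROM pg_class c
WHERE c.relname IN ('persons', 'employees');

-- Restricting foo to a view over the parent removes both routes:
-- ONLY has no effect on what the view body scans, and a view
-- exposes no tableoid column.
REVOKE SELECT ON persons FROM foo;
CREATE VIEW persons_public AS SELECT id, name FROM persons;
GRANT SELECT ON persons_public TO foo;

SET ROLE foo;
SELECT * FROM persons_public;
RESET ROLE;
```

The view closes only the ONLY and tableoid routes; it does nothing about column values that themselves imply which table a row came from.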
