From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: grant with hierarchy option |
Date: | 2009-10-30 04:49:48 |
Message-ID: | 1378.1256878188@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> There is a gap in the permission scheme for inheritance setups. Say you
> have this:
> CREATE TABLE persons (...);
> CREATE TABLE employees (...) INHERITS (persons);
> GRANT SELECT ON persons TO foo;
> Then user foo can extract who the employees are using
> SELECT * FROM persons EXCEPT SELECT * FROM ONLY persons;
And this is a problem why exactly? It's entirely likely that
employee-ness can be determined just from what is visible in
the persons view, anyway. Not to mention tableoid.
> I think this would be the proper and useful thing to do, especially in
> conjunction with the new recursive grant behavior. There would probably
> be some upgrading issues. For example, GRANTs imported via pg_dump from
> 8.4 would probably need to change SELECT to SELECT WITH HIERARCHY
> OPTION, and even that technically wouldn't cover all cases.
That sounds like "this will break everything in sight, especially
pre-existing dump files" :-(
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Itagaki Takahiro | 2009-10-30 05:07:20 | Re: Syntax for partitioning |
Previous Message | Greg Stark | 2009-10-30 04:20:23 | Re: Syntax for partitioning |