Re: [SQL] Re: create view security

Peter Eisentraut wrote:
> Wallingford, Ted writes:
>
> > I am using 6.3 in this case.
>
> I'm sorry but that is pre-historic era around here and no one really
> remembers what the problems might have been back then (other than that
> they were surely plenty). Upgrading might be your best bet on all fronts.

You're wrong - I remember, not 100% sure, but good enough.

Just two weeks ago (funny - isn't it) I made a deal with a
friend, exchanging this old 486/33DLC, 8MB, 1GB portable
(640x480 gray but onboard SCSI!) with a planimeter (nice
mechanic tool that fit's perfectly into my sliderule
collection - that friend collects sliderules too so he knows
how to get me :-).

That old portable was the computer, most of the rule system
fixes for v6.4 where developed on. I'm pretty sure that the
Rule-Owner-Needs-Perm changes where part of it.

The executor is doing a permisson check of the result- and
all scan relations just before starting the execution. For
v6.4 (or was THAT in 6.5 - dunno exactly) I added a little
flag to the rangetable entry that tells "this relation is
accessed through a view and permissions are already checked".
Since then, it was the rewriter that checked if the view-
owner would have the permissions for all relations used by
the view.

Anyway, upgrading IS the best (if not the only) choice for
him.

Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #