From: | pgsql-bugs(at)postgresql(dot)org |
---|---|
To: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Bad rights working in referential integrity? |
Date: | 2001-01-17 10:50:57 |
Message-ID: | 200101171050.f0HAov265214@hub.org |
Lists: | pgsql-bugs |
Ing. Pavel Janousek (janousek(at)fonet(dot)cz) reports a bug with a severity of 2
The lower the number the more severe it is.
Short Description
Bad rights working in referential integrity?
Long Description
I have two tables:
create table a(id serial primary key, t text);
create table b(id int references a, t text);
I have defined user 'reader', which can ONLY read data from table 'a' and may insert into table 'b'; a different user has full rights.
So, I think that the rights granted to user 'reader' may be:
SELECT on table 'a' and INSERT on table 'b'. But now I must grant UPDATE/DELETE on table 'a'; otherwise, reader isn't able to insert row(s) into 'b' - Permission denied...:-( I don't know why 'reader' may have DELETE/UPDATE permissions on table 'a'...
Sample Code
as user 'temp':
create table a(id serial primary key, t text);
create table b(id int references a, t text);
revoke all on a from public;
revoke all on b from public;
grant select on a to "reader";
grant INSERT on b to "reader";
insert into a(t) values ('pom');
\z shows:
 Access permissions for database "pp"
  Relation  | Access permissions
------------+--------------------
 a          | {"=","reader=r"}
 a_id_seq   |
 b          | {"=","reader=a"}
Owner of database 'pp' is 'temp'
Now as user 'reader':
pp=> insert into b values (1, 'p');
ERROR: a: Permission denied.
pp=>
No file was uploaded with this report