Re: WIP: Column-level Privileges

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Markus Wanner <markus(at)bluegap(dot)ch>, PostgreSQL-development Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: WIP: Column-level Privileges
Date: 2008-11-02 12:53:40
Message-ID: 20081102125340.GT4452@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > ... A case I just realized might be an issue is
> > doing a 'select 1 from x;' where you have *no* rights on x, or any
> > columns in it, would still get you the rowcount.
>
> Well, if you have table-level select on x, I would expect that to work,
> even if your privs on every column of x are revoked. If the patch
> doesn't get this right then it needs more work ...

Table-level select on x is equivilant to having column-level select on
every column, per the spec. The issue here, that I'm planning to fix
shortly, is that you could get a rowcount without having table-level or
column-level select rights on the table.

Thanks,

Stephen

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2008-11-02 13:13:32 Re: WIP: Column-level Privileges
Previous Message Martijn van Oosterhout 2008-11-02 10:53:17 Re: Well done, Hackers