| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Martín Marqués <martin(at)bugs(dot)unl(dot)edu(dot)ar> |
| Cc: | Dariusz Pietrzak <dariush(at)ajax(dot)umcs(dot)lublin(dot)pl>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Permissions and views. |
| Date: | 2001-05-07 14:44:25 |
| Message-ID: | 21051.989246665@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
=?iso-8859-1?q?Mart=EDn=20Marqu=E9s?= <martin(at)bugs(dot)unl(dot)edu(dot)ar> writes:
>> It is said that RULES are executed with rule's owner permissions, so how
>> is it possible that different users are getting different results?
> This is not true. Rules are not executed with owner permission.
Yes they are. If you do something like
INSERT INTO view ...
which is rewritten by a rule into INSERT INTO someplace_else,
then there are two sets of permission checks applied: the original
caller must have insert rights on the view, and the rule owner must
have insert rights on "someplace_else".
In the case at hand, I'd expect that the owner of the rule issuing
SELECT...FOR UPDATE would need to have select and update permission
on the target table.
There have been sundry bugs in this mechanism in various versions of
Postgres, which is why I asked what version. But on reading over the
thread, there's not really enough info to know whether the system
is misbehaving or not. We'd need to see a more complete example.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Einar Karttunen | 2001-05-07 14:52:29 | Re: Autonumber |
| Previous Message | Tony Grant | 2001-05-07 14:33:45 | Re: Re: MS-Query |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Vince Vielhaber | 2001-05-07 14:56:20 | Re: v7.1.1 Branched, Packaged and Released ... |
| Previous Message | Jan Wieck | 2001-05-07 14:42:41 | Re: \c connects as another user instead I want in psql |