Skip site navigation (1) Skip section navigation (2)

Re: permissions bug in RI checks?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: David Christensen <david(at)endpoint(dot)com>
Cc: pgsql-hackers Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: permissions bug in RI checks?
Date: 2010-09-01 15:44:58
Message-ID: 25665.1283355898@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
David Christensen <david(at)endpoint(dot)com> writes:
> In doing a schema upgrade, we noticed the following behavior, which certainly seems like a bug.  Steps to reproduce:
> ...
> The bug in this case is that "b" has full permissions on all of the
> underlying tables, but runs into issues when trying to access the
> referenced tables.

Permissions checks for RI operations involve the owner of the table,
from whom you've revoked all permissions.  If the RI operations were
done as the caller, as you seem to expect, that would *not* be an
improvement; callers would have to have more privileges than one really
wants.

			regards, tom lane

In response to

pgsql-hackers by date

Next:From: David E. WheelerDate: 2010-09-01 16:02:12
Subject: Re: array_agg() NULL Handling
Previous:From: David ChristensenDate: 2010-09-01 15:34:29
Subject: permissions bug in RI checks?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group