
Re: Permissions on aggregate component functions

From: Richard Huxton <dev(at)archonet(dot)com>
To: Simon Riggs <simon(at)2ndquadrant(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Permissions on aggregate component functions
Date: 2005-01-28 08:36:34
Message-ID: 41F9F992.20508@archonet.com
Lists: pgsql-hackers
Simon Riggs wrote:
>>
>>Clearly this is a must-fix issue, but I'm wondering exactly where the
>>check should be enforced.  Is it sufficient to check at the time of
>>CREATE AGGREGATE that the creator has appropriate rights, or do we need
>>to do it every time the aggregate is used?
> 
> 
> Well spotted.
> 
> Check should be once for each SQL statement in which the function is
> attempted to be used. Otherwise, an administrator might revoke EXECUTE
> privilege on a function that was used as part of an AGGREGATE, then
> discover that the user could still execute it in the way you suggest.

Or some sort of CASCADE should be required.

-- 
   Richard Huxton
   Archonet Ltd
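
Added example, not part of the original message or of PostgreSQL's own code: a catalog audit for the situation discussed above, listing every role that may EXECUTE a user-defined aggregate while lacking EXECUTE on one of its component functions. It assumes PostgreSQL 9.3 or later (for LATERAL) and the standard pg_aggregate, pg_proc and pg_roles catalogs; the column aliases are chosen here.

```sql
-- Added audit query (assumes PostgreSQL 9.3+ for LATERAL).
-- Lists roles that may EXECUTE a user-defined aggregate but have no
-- EXECUTE privilege on one of its component functions.
SELECT r.rolname                      AS role_name,
       a.aggfnoid::oid::regprocedure  AS aggregate_name,
       c.component_kind,
       c.fn_oid::regprocedure         AS component_function
FROM pg_aggregate AS a
JOIN pg_proc      AS p ON p.oid = a.aggfnoid
JOIN pg_namespace AS n ON n.oid = p.pronamespace
CROSS JOIN pg_roles AS r
CROSS JOIN LATERAL (
    VALUES ('transition', a.aggtransfn::oid),
           ('final',      a.aggfinalfn::oid)
) AS c(component_kind, fn_oid)
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND c.fn_oid <> 0        -- aggfinalfn is 0 when there is no final function
  AND NOT r.rolsuper       -- superusers bypass privilege checks
  AND has_function_privilege(r.oid, a.aggfnoid::oid, 'EXECUTE')
  AND NOT has_function_privilege(r.oid, c.fn_oid, 'EXECUTE')
ORDER BY 1, 2, 3;
```

An empty result means no role holds EXECUTE on an aggregate without also holding it on that aggregate's transition and final functions.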
