| From: | "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> |
|---|---|
| To: | <robertmhaas(at)gmail(dot)com>,<noah(at)leadboat(dot)com> |
| Cc: | <Kohei(dot)Kaigai(at)emea(dot)nec(dot)com>,<kaigai(at)kaigai(dot)gr(dot)jp>, <thom(at)linux(dot)com>, <pgsql-hackers(at)postgresql(dot)org>, <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: [v9.2] Fix Leaky View Problem |
| Date: | 2011-09-25 16:22:03 |
| Message-ID: | 4E7F0EDB02000025000416BE@gw.wicourts.gov |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas 09/25/11 10:58 AM >>>
> I'm not sure we've been 100% consistent about that, since we
> previously made CREATE OR REPLACE LANGUAGE not replace the owner
> with the current user.
I think we've been consistent in *not* changing security on an
object when it is replaced.
test=# create user someoneelse;
CREATE ROLE
test=# create user yetanother;
CREATE ROLE
test=# create function one() returns int language sql as 'select 1;';
CREATE FUNCTION
test=# alter function one() owner to someoneelse;
ALTER FUNCTION
test=# revoke execute on function one() from public;
REVOKE
test=# create or replace function one() returns int language plpgsql as
$$begin return 1; end;$$;
CREATE FUNCTION
test=# \df+ one()
List of
functions
Schema | Name | Result data type | Argument data types | Type |
Volatility | Owner | Language | Source code | Description
--------+------+------------------+---------------------+--------+------------+-------------+----------+----------------------+-------------
public | one | integer | | normal |
volatile | someoneelse | plpgsql | begin return 1; end; |
(1 row)
test=# set role yetanother;
SET
test=> select one();
ERROR: permission denied for function one
-Kevin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2011-09-25 16:50:31 | Re: Adding CORRESPONDING to Set Operations |
| Previous Message | Edson Carlos Ericksson Richter | 2011-09-25 16:19:19 | RES: Alter column...using failure under 9.0.4 |