Skip site navigation (1) Skip section navigation (2)

Re: BUG #5147: DBA can not access view

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "hx(dot)li" <fly2nn(at)126(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #5147: DBA can not access view
Date: 2009-10-30 13:59:38
Message-ID: 7536.1256911178@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-bugs
"hx.li" <fly2nn(at)126(dot)com> writes:
>> This is not a bug.  The view is owned by user1 and what the view can
>> access is determined by user1's permissions, independently of who is
>> calling it.

> So I think it should not have a permission error when run "select * from 
> view1".

No, that would be a bad idea.  Your proposal essentially means that it's
impossible for a superuser to give up rights when calling a setuid
function or view.  That would be a serious security hazard.

			regards, tom lane

In response to

Responses

pgsql-bugs by date

Next:From: Tom LaneDate: 2009-10-30 15:34:03
Subject: Re: BUG #5145: Complex query with lots of LEFT JOIN causes segfault
Previous:From: S. NeumannDate: 2009-10-30 10:23:19
Subject: BUG #5152: Exporting databases with pg_dump changes 'bigserial' to 'bigint'

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group