Re: Permissions Broken in 7.0.x?

From: Brian Powell <brian(at)owlscreech(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: <pgsql-sql(at)postgresql(dot)org>
Subject: Re: Permissions Broken in 7.0.x?
Date: 2000-11-21 22:54:49
Message-ID: B6404B39.1459%brian@owlscreech.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-sql

Tom,

Thank you for the reply. I have found another issue that I am curious
about: I have a table with foreign key constraint to itself (a parent_id
field). I have a view to the table with permissions for a user to insert
into the view (of course, a rule exists to insert into the real table). The
problem is that it fails because of the constraint! Any way around this?
Or, am I sort of stuck granting all of these privileges to the table so that
triggers, constraints, etc. will work?

Thanks,
Brian

> Brian Powell <brian(at)owlscreech(dot)com> writes:
>> % psql bobdb
>> psql => create table test (
>> name char(32) not null,
>> age int4
>> );
>> psql => revoke all on test from tester;
>> CHANGE
>> psql => select * from test;
>> ERROR: test: Permission denied.
>
> Yeah, that's a bug --- confusion about the default permissions set.
> After doing an explicit GRANT or REVOKE on a table you own, you need to
> grant permissions to yourself again; the default assumption that you
> have all permissions gets lost :-(. This is fixed for 7.1.
>
>> Additionally, if I have a trigger on a table which sets the updated_date and
>> updated_by on any update, and I have a view with a rule which passes any
>> update to the table (thus calling the trigger), I get a permission denied.
>> I am supposing that the user updating the view does not have privileges to
>> the trigger? How would I grant them privileges to the trigger?
>
> Don't think there's a way to do that right now. There's been talk of
> making triggers run "setuid" to the creating user, but it's not been
> done AFAIR.

--Brian

In response to

Browse pgsql-sql by date

  From Date Subject
Next Message Itai Zukerman 2000-11-22 04:22:24 Re: Persistent Connects (pg_pconnect)
Previous Message Aristeu Gil Alves Junior 2000-11-21 22:04:56 Re: Blob Upload