Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] something smells bad

From: Alex Pilosov <alex(at)pilosoft(dot)com>
To: Martín Marqués <martin(at)bugs(dot)unl(dot)edu(dot)ar>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [HACKERS] something smells bad
Date: 2001-06-06 23:27:50
Message-ID: Pine.BSO.4.10.10106061912480.9744-100000@spider.pilosoft.com (view raw or flat)
Thread:
Lists: pgsql-generalpgsql-hackers 
On Wed, 6 Jun 2001, [iso-8859-1] Martn Marqus wrote:

> OK, now I'm more then astonished!
> Why was I able to insert as martin then?
> Isn't it true (as the docs say) that when I execute a query over a view with 
> rules, the rules (querys in the DO of the RULE) are executed with permssions 
> of the owner of the rule (or the view? Any way, martin is owner of both) and 
> not of the user that executed the query?

No. With both views and rules, the actions are executed as the user who
executed the query. I don't know if there are plans to allow the 'execute
as owner' for rules, right now this option only exists for the triggers.

In response to

Responses

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2001-06-07 00:08:03
Subject: Re: Re: [HACKERS] Outstanding patches
Previous:From: Robert ForsmanDate: 2001-06-06 22:45:34
Subject: Re: Daily Digest V1 #1428

pgsql-general by date

Next:From: Steve MicallefDate: 2001-06-06 23:55:35
Subject: Skipping duplicate records?
Previous:From: Len MorganDate: 2001-06-06 23:19:24
Subject: Re: "trigger"ing a procedure every X minutes

Privacy Policy | About PostgreSQL
Copyright © 1996-2013 The PostgreSQL Global Development Group