| From: | "hx(dot)li" <fly2nn(at)126(dot)com> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #5147: DBA can not access view |
| Date: | 2009-11-02 05:36:41 |
| Message-ID: | hclr5f$2nr7$1@news.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
I think it is right---the superuser can select from
the view, even if the view's owner tries to prevent that---,
but maybe a good way is checking owner's privilage when creating a view as
Oracle.
It would be better not to create a view if a user cann`t access a table.
regards, hx.li
"Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> :6863(dot)1257132736(at)sss(dot)pgh(dot)pa(dot)us(dot)(dot)(dot)
> "hx.li" <fly2nn(at)126(dot)com> writes:
>> In postgresql's documentPart VI. Reference,SQL Commands,GRANT, it said:
>
>> It should be noted that database superusers can access all objects
>> regardless of object privilege settings.
>
> What that means in this example is that the superuser can select from
> the view, even if the view's owner tries to prevent that. However,
> the view itself doesn't have any more permissions than it had before.
> It would have failed for anyone, and it fails for the superuser too.
>
> I grow weary of debating this with you.
>
> regards, tom lane
>
> --
> Sent via pgsql-bugs mailing list (pgsql-bugs(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-bugs
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | donniehan | 2009-11-02 06:53:42 | Re: BUG #5147: DBA can not access view |
| Previous Message | Tom Lane | 2009-11-02 03:32:16 | Re: BUG #5147: DBA can not access view |