Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] Here it is - view permissions

From: jwieck(at)debis(dot)com (Jan Wieck)
To: pgsql-hackers(at)postgreSQL(dot)org (PostgreSQL HACKERS)
Subject: Re: [HACKERS] Here it is - view permissions
Date: 1998-02-23 14:42:30
Message-ID: m0y6z5U-000BFRC@orion.SAPserv.Hamburg.dsh.de (view raw or flat)
Thread:
Lists: pgsql-hackers
> 
> On Mon, 23 Feb 1998, Jan Wieck wrote:
> 
> > > 
> > > On Mon, 23 Feb 1998, Mattias Kregert wrote:
> > > 
> > > > Bruce Momjian wrote:
> > > > > 
> > > > > OK, but why would anyone want the old behavior?
> > > > > 
> > > > > I guess if you have a table that is not select-able by everyone, and you
> > > > > create a view on it, the default permits will allow select to others.
> > > > > You would have to set the permit on that view.  Is there more to that
> > > > > pg_class flag you want to add?
> > > > 
> > > > Why does views default to 'select' permission for 'public'?
> > > > I think most people will never think of the possibility that others
> > > > will be able to SELECT their data through views.
> > > > Should not 'create view' at least print a NOTICE about this?
> > > 
> > > 	Considering how much security we are putting around everything
> > > else, is it unreasonably to have both 'create view'/'create table' default
> > > to 'revoke all' to public, and 'grant all' to owner?
> > 
> >     include/utils/acl.h line 65
> > 
> >     set ACL_WORLD_DEFAULT to ACL_NO
> > 
> >     Then tables and views default to what you wanted.
> 
> 	Have you actually tried this? :)  Does it break anything?
> 
> 
> 

    No I didn't - but if I read your smiley correct it does - right?

    I'm close to fixing the backend crashes on REVOKE ALL ON pg_user
    and so I didn't wanted to loose any minute and check if the above
    works properly.


Jan

-- 

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#======================================== jwieck(at)debis(dot)com (Jan Wieck) #


In response to

Responses

pgsql-hackers by date

Next:From: The Hermit HackerDate: 1998-02-23 14:43:51
Subject: Re: [HACKERS] Here it is - view permissions
Previous:From: Thomas G. LockhartDate: 1998-02-23 14:37:44
Subject: Re: [HACKERS] Running pgindent

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group