| From: | jwieck(at)debis(dot)com (Jan Wieck) |
|---|---|
| To: | olly(at)lfix(dot)co(dot)uk (Oliver Elphick) |
| Cc: | maillist(at)candle(dot)pha(dot)pa(dot)us, pgsql-hackers(at)hub(dot)org |
| Subject: | Re: [HACKERS] Here it is - view permissions |
| Date: | 1998-02-23 22:27:59 |
| Message-ID: | m0y76Lv-000BFRC@orion.SAPserv.Hamburg.dsh.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Oliver Elphick wrote:
>
> Bruce Momjian wrote:
> >All tables are created with default permissions for SELECT to PUBLIC, =
> so
> >views are no different.
>
> Is this not contrary to the SQL standard? I understood that SQL tables
> are created with permissions for their creator only; any permissions for
> other users must be granted explicitly. According to "SQL The Standard
> Handbook" (Cannan & Otten, 1993), the owner of the schema in which a tabl=
> e
> is created is given a full set of privileges, and no other user can acces=
> s
> the table or even discover that it exists!
^^^^^^^^^^^^^^!!!
Ha!
The next table we must hide and create a view on :-)
This time the view must check if the user has at least SELECT
permission on the table/view and hide rows. More tricky -
I'll try to work it out. But not doday - I'm tired and I know
what can happen then (saying '... and make even this little
thing' at 23:00 to reach the state of 22:59 at 04:00 :-).
Good night to all!
But a last word: There are even more such tables as the
tables/views are also reflected in pg_attributes, pg_rewrite
and so on. Even if here only the Oid shows up.
If we really want to get all this up to the highest level, we
need sometimes a proacl field in pg_proc ... *Ack* - Bruce,
*Outch* - no - not the pumpgun - *Help*
:-)
>
> It certainly seems undesirable to give automatic access to data of unknow=
> n
> sensitivity. Surely the default permission should be for the table's
> creator alone or for the owner of the PostgreSQL database (which I suppos=
> e =
>
> is equivalent to the `schema').
>
> I see that Jan Wieck has posted a method for preventing world readability=
> ;
> perhaps this should just be flagged as a configurable option.
But configurable at compile time - not a runtime option
please.
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#======================================== jwieck(at)debis(dot)com (Jan Wieck) #
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 1998-02-23 22:35:09 | Re: [HACKERS] Here it is - view permissions |
| Previous Message | Jan Wieck | 1998-02-23 22:01:36 | Re: [HACKERS] pg_user "sealed" |