Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] SELECT currval('SEQ') broken?

From: jwieck(at)debis(dot)com (Jan Wieck)
To: vadim(at)sable(dot)krasnoyarsk(dot)su (Vadim B(dot) Mikheev)
Cc: mrogan(at)fpelectronics(dot)com, pgsql-hackers(at)postgreSQL(dot)org
Subject: Re: [HACKERS] SELECT currval('SEQ') broken?
Date: 1998-02-26 06:55:20
Message-ID: m0y7xE1-000BFRC@orion.SAPserv.Hamburg.dsh.de (view raw or flat)
Thread:
Lists: pgsql-hackers
> 
> Michael J. Rogan wrote:
> > 
> > Hello
> > 
> > I like the added security of 6.3 however how do you grant access to
> > SELECT currval('SEQ') AS id
> > I get a permission error on seq.currval?
> > 
> > I figured out how to use CVSUP so I am grabbing the latest version.
> > 
> > If this is fixed in it then great otherwise any ideas?
> 
> I don't remember - did we NO_ACCESS to a table for public
> as default or not ?

    We did so. Default is now NO_ACCESS for public but SELECT
    granted for public on IsSystemRelationName() where no
    explicit ACL is set. So all tables and views prefixed pg_
    are readable by default and must still be revoked if you
    don't want them public readable. All other tables and
    views are private.
    

> If yes then you have to GRANT permissions on sequences...

    Checked that and it works. The creator of the sequence is
    the owner and can do anything by default (superuser too). 

    GRANT SELECT ON seq permitts to get currval() from sequence.

    GRANT SELECT, UPDATE ON seq permitts to get nextval().


    Great to see that new security code works also for an area
    that we didn't thought about.


Jan

-- 

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#======================================== jwieck(at)debis(dot)com (Jan Wieck) #


In response to

pgsql-hackers by date

Next:From: Maurice GittensDate: 1998-02-26 09:45:28
Subject: Re: [HACKERS] Adding a field to each tuple
Previous:From: Thomas G. LockhartDate: 1998-02-26 05:45:01
Subject: Re: [HACKERS] grammer/keywords/shift/reduce conflicts

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group