| From: | "Gaetano Mendola" <mendola(at)bigfoot(dot)com> |
|---|---|
| To: | <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Problem with function permission test in a view |
| Date: | 2003-09-14 00:07:10 |
| Message-ID: | 000001c37a55$87559e90$e907c9d9@mm.eutelsat.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us> wrote:
> Tom Lane wrote:
> > Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > > Someone asked me a question about view and function permissions. I
> > > assumed all object access done by a view would be based on the
> > > permissions on the view, and not the permissions of the objects.
> >
> > Table references are checked according to the owner of the view, but use
> > in a view does not change the execution context for function or operator
> > calls. This is how it's always been done.
> >
> > > Is this a bug?
> >
> > Changing it would be a major definitional change (and a pretty major
> > implementation change too). It might be better, but please don't
> > pre-judge the issue by labeling it a bug.
>
> Well, it sure sounds like a bug. What logic is there that table access
> use the view permissions, but not function access? Could we just use
> SECURITY DEFINER for function calls in views?
I already had this problem, look here:
and I had no reply :-(
Regards
Gaetano Mendola
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Schultz | 2003-09-14 05:14:42 | Re: memory allocation and powers of two |
| Previous Message | Tom Lane | 2003-09-13 22:30:14 | Re: memory allocation and powers of two |