Re: [HACKERS] something smells bad

From: Martín Marqués <martin(at)bugs(dot)unl(dot)edu(dot)ar>
To: Alex Pilosov <alex(at)pilosoft(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [HACKERS] something smells bad
Date: 2001-06-06 16:12:46
Message-ID: 01060619124607.29859@bugs
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general pgsql-hackers

On Jue 07 Jun 2001 01:14, Alex Pilosov wrote:
> On Wed, 6 Jun 2001, [iso-8859-1] Martín Marqués wrote:
> > On Jue 07 Jun 2001 00:58, you wrote:
> > > 1) Please don't crosspost to both hackers and general
>
> (plonk myself)

Sorry, I sent it to both because it's what I usually see on things that seem
to not work on Postgres.

> > > On Wed, 6 Jun 2001, [iso-8859-1] Martín Marqués wrote:
> > > > ERROR: carrera_id_curso_seq.nextval: you don't have permissions to
> > > > set sequence carrera_id_curso_seq
> > >
> > > Because of the way postgres works, you need to grant write permission
> > > on the carrera_id_curso_seq for your inserts to succeed.
> >
> > This doesn't sound logical. The user from the group granted can insert
> > data, but not in a SERIAL field?
> > This is not what the "RULES and permissions" documentation says.
>
> I guess the documentation has to be changed then.
>
> Postgres sequences are really non-transparent, and you have to be aware of
> that. Such as, when you drop the table, sequence won't get dropped,
> permissions are separate on table and sequence, and various other things.

I am aware of this.

> > area_id_area_seq |
> > carrera_id_curso_seq |
> > categ_id_categ_seq |
> > docentes_id_docente_seq |
> > facultad_id_fac_seq |
> > log_carrera_id_log_seq |
> > materias_id_mat_seq |
> > niveles_id_nivel_seq |
> >
> > As you can see, the permissions look OK.
>
> You must have permissions on _seq as well as on the underlying table...

OK, now I'm more then astonished!
Why was I able to insert as martin then?
Isn't it true (as the docs say) that when I execute a query over a view with
rules, the rules (querys in the DO of the RULE) are executed with permssions
of the owner of the rule (or the view? Any way, martin is owner of both) and
not of the user that executed the query?

I am totally puzzeled! %-P

Saludos... :-)

--
Cualquiera administra un NT.
Ese es el problema, que cualquiera administre.
-----------------------------------------------------------------
Martin Marques | mmarques(at)unl(dot)edu(dot)ar
Programador, Administrador | Centro de Telematica
Universidad Nacional
del Litoral
-----------------------------------------------------------------

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Holger Klawitter 2001-06-06 16:24:23 bug?: java won't read timestamps
Previous Message John Moore 2001-06-06 16:01:47 Does PostgreSQL have implicit Order-by

Browse pgsql-hackers by date

  From Date Subject
Next Message Rod Taylor 2001-06-06 16:14:13 Timestamp change - 8601 compliance
Previous Message Alessio Bragadini 2001-06-06 16:08:15 Re: Strange error, probably WAL-related