| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Cath Lawrence <Cath(dot)Lawrence(at)anu(dot)edu(dot)au> |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: Rules and users |
| Date: | 2003-08-07 13:41:01 |
| Message-ID: | 14829.1060263661@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Cath Lawrence <Cath(dot)Lawrence(at)anu(dot)edu(dot)au> writes:
> I am puzzled. I have rules set up such that when a table entry is
> changed or deleted, it is first copied to an archive table. This works
> beautifully, and everything is fine. But _why_ does it work???
Because the rule-added action occurs before the original UPDATE or DELETE.
This is stated in the fine print somewhere in the manual's discussion
of rules.
> So I thought - whoops, I have a bug, my normal user can't delete
> because that requires inserting into TABLE_old, which I haven't given
> them permission for. But they can! Are rules run as some other user or
> what?
Yes, as the rule owner. (More specifically, any table accesses added
by the rule are checked using the owner's permissions. If you have,
say, a function that's called in a rule query, it still executes using
the caller's permissions. There has been debate over whether this is a
bug.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2003-08-07 14:04:13 | Re: [PHP] authentication question |
| Previous Message | Wim | 2003-08-07 12:36:58 | Re: [NEWBIE] FATAL 1: IDENT authentication failed for |