Re: Query regarding permission on table_column%type access

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Neha Sharma <neha(dot)sharma(at)enterprisedb(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Query regarding permission on table_column%type access
Date: 2017-10-31 14:15:55
Message-ID: 18847.1509459355@sss.pgh.pa.us
Lists: pgsql-hackers

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Neha Sharma (neha(dot)sharma(at)enterprisedb(dot)com) wrote:
>> I have observed that even if the user does not have permission on a
>> table (created by some other user), the function parameter still can have
>> a parameter of that table_column%type.

> This is because the creation of the table also creates a type of the
> same name and the type's permissions are independent of the table's. I
> imagine that you could REVOKE USAGE ON TYPE from the type and deny
> access to that type if you wanted to.

Right. (I checked, seems to work as expected.)

> I'm not sure that we should change the REVOKE on the table-level to also
> mean to REVOKE access to the type automatically (and what happens if you
> GRANT the access back for the table..?

It seems pretty silly for privileges on table rowtypes to behave
differently from those on other rowtypes.

regards, tom lane
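
The behaviour discussed in this thread, as an added SQL walk-through that is not part of any message above: it checks the table privilege and the rowtype privilege separately, then applies the REVOKE USAGE ON TYPE suggested in the thread. The schema, table, role and function names (`demo`, `accounts`, `demo_reader`, `f_col`, `f_row`, `f_row2`) are made up for illustration, and the script assumes a superuser session in a scratch database.

```sql
-- Added example; every object and role name here is hypothetical.
CREATE ROLE demo_reader;
CREATE SCHEMA demo;
GRANT USAGE, CREATE ON SCHEMA demo TO demo_reader;

-- Creating the table also creates a composite type of the same name.
-- demo_reader is granted nothing on the table itself.
CREATE TABLE demo.accounts (id int, balance numeric);

-- Table and type privileges are tracked separately; compare the two columns.
SELECT has_table_privilege('demo_reader', 'demo.accounts', 'SELECT') AS can_select,
       has_type_privilege('demo_reader', 'demo.accounts', 'USAGE')   AS can_use_type;

SET ROLE demo_reader;
-- The case reported in the thread: a column%TYPE parameter with no table privilege.
CREATE FUNCTION demo.f_col(v demo.accounts.balance%TYPE) RETURNS int
    LANGUAGE sql AS 'SELECT 1';
-- The table's rowtype used directly as a parameter type.
CREATE FUNCTION demo.f_row(r demo.accounts) RETURNS int
    LANGUAGE sql AS 'SELECT 1';
RESET ROLE;

-- The restriction suggested in the thread. Type USAGE is held by PUBLIC
-- by default, so it has to be revoked from PUBLIC.
REVOKE USAGE ON TYPE demo.accounts FROM PUBLIC;

-- Re-check the type privilege after the REVOKE.
SELECT has_type_privilege('demo_reader', 'demo.accounts', 'USAGE') AS can_use_type;

SET ROLE demo_reader;
-- A new function taking the rowtype is what the REVOKE is meant to block.
CREATE FUNCTION demo.f_row2(r demo.accounts) RETURNS int
    LANGUAGE sql AS 'SELECT 1';
RESET ROLE;

-- Clean up the scratch objects.
DROP SCHEMA demo CASCADE;
DROP ROLE demo_reader;
```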
