Re: Problem with function permission test in a view

Tom Lane wrote:
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > I am documenting this behavior in the CREATE VIEW manual page, diff
> > attached.
>
> > + <para>
> > + While access to tables in the view is controlled entirely by permissions
> > + on the view, functions called by the view are checked independently.
> > + </para>
>
> That seems a tad vague, not to say content-free. Perhaps instead say
> "Access to tables referenced in the view is determined by permissions of
> the view owner. However, functions called in the view are treated the
> same as if they had been called directly from the query using the view.
> Therefore the user of a view must have permissions to call all functions
> used by the view."
>
> As I said earlier, it's quite possible that we should consider this a
> mistake. But it's way too late to consider fixing it for 7.4, even if
> we had consensus that it should be changed, which I don't think we do
> yet. In the meantime we should document the behavior clearly.

I like your text much better --- added. I will throw this email in the
7.5 queue and we can decide if it is a bug then.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073