| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Neha Sharma <neha(dot)sharma(at)enterprisedb(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Query regarding permission on table_column%type access |
| Date: | 2017-10-31 12:34:45 |
| Message-ID: | 20171031123445.GY4628@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings,
* Neha Sharma (neha(dot)sharma(at)enterprisedb(dot)com) wrote:
> I have observed that even if the user does not have permission on a
> table(created in by some other user),the function parameter still can have
> a parameter of that table_column%type.
This is because the creation of the table also creates a type of the
same name and the type's permissions are independent of the table's. I
imagine that you could REVOKE USAGE ON TYPE from the type and deny
access to that type if you wanted to.
I'm not sure that we should change the REVOKE on the table-level to also
mean to REVOKE access to the type automatically (and what happens if you
GRANT the access back for the table..? Would we need to track that
dependency?) considering that's been the behavior for a very long time.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2017-10-31 12:38:20 | Re: Patch: restrict pg_rewind to whitelisted directories |
| Previous Message | Stephen Frost | 2017-10-31 12:31:21 | Re: Adding column_constraint description in ALTER TABLE synopsis |