| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Keith Fiske <keith(at)omniti(dot)com> |
| Cc: | Joe Conway <mail(at)joeconway(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Partitioned tables vs GRANT |
| Date: | 2017-04-08 00:41:28 |
| Message-ID: | 27428.1491612088@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Keith Fiske <keith(at)omniti(dot)com> writes:
> On Fri, Apr 7, 2017 at 2:46 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> Joe Conway <mail(at)joeconway(dot)com> writes:
>>> Apparently INSERT and SELECT on the parent partitioned table skip normal
>>> acl checks on the partitions. Is that intended behavior?
>> Yes, this matches normal inheritance behavior.
> Should that really be normal partitioning behavior though?
Yes, it should. Consider the alternatives:
1. Owner must remember to run around and grant permissions on all child
tables along with the parent.
2. The system silently(?) doesn't show you some rows that are supposed
to be visible when scanning the parent table.
If you want RLS, use RLS; this is not that, and is not a good substitute.
(We've been around on this topic before, btw. See the archives.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2017-04-08 00:56:29 | Re: Vacuum: allow usage of more than 1GB of work mem |
| Previous Message | Tom Lane | 2017-04-08 00:38:35 | Re: WAL logging problem in 9.4.3? |