| From: | Gaetano Mendola <mendola(at)bigfoot(dot)com> |
|---|---|
| To: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Cc: | josh(at)agliodbs(dot)com |
| Subject: | problem permission on view |
| Date: | 2004-09-16 22:16:25 |
| Message-ID: | 414A10B9.5060200@bigfoot.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi all,
I'm having some problem with permissions on views, I spoke with Josh on IRC
about it and I'm reposting it:
I found a not simmetrical behavior about permission on views and functions.
Let me explain:
If I use the view/table T inside the view V, is enough give the select
permission on view V remove the select permission on the view/table used
and all is working as expected.
If I use the view/table T inside the funcion F is enough declare F with
the "Secuity definer" attribute and of course give the execution permission,
the select permission on the view/table used and all is working as expected
In these two cases above all is working fine, the following case have some
problems:
If the view V use a function F.
In this last case is not enough have the select permisson on V but I have
to give also the Execution permission on F!!!
This fact are driving us to put
1) Select permission on V
2) Exceute permission + Security Definer attr on F.
this last point give to the user the possibility to execute F with any
aribitrary value, instead of only the values present on the view ( already
filtered ).
Regards
Gaetano Mendola
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Josh Berkus | 2004-09-16 22:25:08 | Re: problem permission on view |
| Previous Message | Tom Lane | 2004-09-16 18:12:40 | Re: [HACKERS] Problems with SPI memory management |