Re: BUG #1610: rewrite rule and sequence

From: Olleg Samoylov <olleg(at)mipt(dot)ru>
To: Richard Huxton <dev(at)archonet(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #1610: rewrite rule and sequence
Date: 2005-04-25 10:31:19
Message-ID: 426CC6F7.9000402@mipt.ru
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs pgsql-docs

Richard Huxton wrote:
> Hmm - perhaps the documentation needs expanding. Certainly, if your view
> references functions you need to make sure permissions are set correctly
> on those.
>
> How about changes along the lines of:
>
> Ch 33.4, para 2
> "... Relations that are used due to rules get checked against the
> privileges of the rule owner, not the user invoking the rule. This means
> that a user only needs the required privileges for the objects[1] that
> he names explicitly in his queries."
>
> then
>
> "[1] This includes permissions on tables and views you reference in your
> view definition. It might also include execute permissions on any
> functions referenced, and for updates, permissions on any sequences.
> This includes sequences automatically created by use of the SERIAL type."

<quote> only needs the required privileges for the objects that
he names explicitly in his queries.</quote>

Sequence for serial type don't explicitly mentioned in queries. I expect
the same behavior for rules as for function with "SECURITY DEFINER"
parameter.

--
Olleg Samoylov

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message Diarmaid Foley 2005-04-25 13:24:42 BUG #1623: COPY and unicode
Previous Message tesuji 2005-04-23 23:59:25 BUG #1622: not available

Browse pgsql-docs by date

  From Date Subject
Next Message Bruce Momjian 2005-04-26 03:01:13 pgsql: Mention that PAM requires the user already exist in the database,
Previous Message Mischa Sandberg 2005-04-25 00:04:21 Re: [COMMITTERS] pgsql: Remove replicaiton FAQ item.