Re: FOR SHARE permissions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: David Underhill <dound07(at)gmail(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: FOR SHARE permissions
Date: 2010-12-12 16:11:19
Message-ID: 4447.1292170279@sss.pgh.pa.us
Lists: pgsql-admin

David Underhill <dound07(at)gmail(dot)com> writes:
> I have two tables. One has a foreign key referencing a serial field in the
> other table. I've given INSERT privilege to a role other than the owner,
> but I still can't insert into the table containing the foreign key unless I
> grant the *owner* of the table UPDATE privilege on the table containing the
> referenced field.
> I don't quite understand why the *owner* needs to have UPDATE permission in
> order for another distinct role (with INSERT privilege) to be able to insert
> a row in this case.

The owner is the one who established the foreign key reference. That
reference is no concern of the third-party user who's been given insert
permission on the referencing table. The design you seem to have in
mind would make management of permissions a lot more complicated, since
instead of just granting insert permission to the third party, you'd
have to think about all the subsidiary permissions that might be needed
to deal with the table's FK linkages.

regards, tom lane
