| From: | Tomonari Katsumata <katsumata(dot)tomonari(at)po(dot)ntts(dot)co(dot)jp> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: How to create read-only view on 9.3 |
| Date: | 2013-08-14 03:13:47 |
| Message-ID: | 520AF5EB.8060909@po.ntts.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
(2013/08/14 5:24), Josh Berkus wrote:
> On 08/13/2013 11:18 AM, Tom Lane wrote:
>> Hannu Krosing <hannu(at)2ndQuadrant(dot)com> writes:
>>> If you earlier used views for granting limited read access to some
views
>>> you definitely did not want view users suddenly gain also write
access to
>>> underlying table.
>>
>> Unless you'd explicitly granted those users insert/update/delete
privilege
>> on the view, they wouldn't suddenly be able to do something new in 9.3,
>> because no such privileges are granted by default. If you had granted
>> such privileges, you don't have much of a leg to stand on for
complaining
>> that now they can do it.
>
> Ah, ok. I hadn't gotten to the testing phase yet.
>
> I think we should have a script available for revoking all write privs
> on all views and link it from somewhere (the release notes?), but I
> don't see any need to change anything in the release.
>
Yes, I was not thinking about changing current 9.3 behavior.
So I think it's enough to know the impact and how to avoid that
on the release notes.
thanks a lot!
regards,
-------------------
NTT Software Corporation
Tomonari Katsumata
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Janes | 2013-08-14 04:00:57 | Re: danger of stats_temp_directory = /dev/shm |
| Previous Message | Peter Eisentraut | 2013-08-14 02:16:31 | CREATE TRANSFORM syntax (was Re: [PATCH] Add transforms feature) |