Quick Links

Re: BUG #5147: DBA can not access view

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	"hx(dot)li" <fly2nn(at)126(dot)com>
Cc:	pgsql-bugs(at)postgresql(dot)org
Subject:	Re: BUG #5147: DBA can not access view
Date:	2009-10-30 13:59:38
Message-ID:	7536.1256911178@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-bugs

"hx.li" <fly2nn(at)126(dot)com> writes:
>> This is not a bug. The view is owned by user1 and what the view can
>> access is determined by user1's permissions, independently of who is
>> calling it.

> So I think it should not have a permission error when run "select * from
> view1".

No, that would be a bad idea. Your proposal essentially means that it's
impossible for a superuser to give up rights when calling a setuid
function or view. That would be a serious security hazard.

regards, tom lane

In response to

Re: BUG #5147: DBA can not access view at 2009-10-30 06:32:07 from hx.li

Responses

Re: BUG #5147: DBA can not access view at 2009-11-02 02:21:18 from hx.li

Browse pgsql-bugs by date

	From	Date	Subject
Next Message	Tom Lane	2009-10-30 15:34:03	Re: BUG #5145: Complex query with lots of LEFT JOIN causes segfault
Previous Message	S. Neumann	2009-10-30 10:23:19	BUG #5152: Exporting databases with pg_dump changes 'bigserial' to 'bigint'