| From: | walther(at)technowledgy(dot)de |
|---|---|
| To: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [PATCH] Add reloption for views to enable RLS |
| Date: | 2022-02-15 08:24:28 |
| Message-ID: | 916f42ab-cc7c-2d56-f734-c0fa12522ae2@technowledgy.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Laurenz Albe:
> So even though the view owner "duff" has no permissions
> on the schema "viewtest", we can still select from the table.
> Permissions on the schema containing the table are not
> checked, only permissions on the table itself.
>
> I am not sure how to feel about this. It is not what I would have
> expected, but changing it would be a compatibility break.
> Should this be considered a live bug in PostgreSQL?
I now found the docs to say:
USAGE:
For schemas, allows access to objects contained in the schema (assuming
that the objects' own privilege requirements are also met). Essentially
this allows the grantee to “look up” objects within the schema. Without
this permission, it is still possible to see the object names, e.g., by
querying system catalogs. Also, after revoking this permission, existing
sessions might have statements that have previously performed this
lookup, so this is not a completely secure way to prevent object access.
So, this seems to be perfectly fine.
Best
Wolfgang
| From | Date | Subject | |
|---|---|---|---|
| Next Message | walther | 2022-02-15 08:37:54 | Re: [PATCH] Add reloption for views to enable RLS |
| Previous Message | John Naylor | 2022-02-15 07:35:41 | Re: Consistently use "startup process"/"WAL sender" instead of "Startup process"/"WAL Sender" in comments and docs. |