| From: | David Christensen <david(dot)christensen(at)crunchydata(dot)com> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
| Cc: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: DELETE CASCADE |
| Date: | 2021-06-08 19:29:28 |
| Message-ID: | CAOxo6XJaM0SuTjO-ntcL9QrS6ttEa8pER=6XzOKv=23suz1s3w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>
> > So basically where we are dispatching to the CASCADE guts, first check
> session user’s DELETE permission and throw the normal permissions error if
> they can’t delete?
>
> Actually, you also need appropriate SELECT permissions that correspond
> to the WHERE clause of the DELETE statement.
>
So this would be both a table-level and column level check? (It seems odd
that we could configure a policy whereby we could DELETE an arbitrary row
in the table, but not SELECT which one, but I can see that there could be
information leakage implications here.)
Other permissions-level things to consider, like RLS, or is this part
automatic? Do you happen to know offhand another instance in the code
which takes these granular permissions into consideration? Might help
bootstrap both the understanding and the implementation of this.
Thanks,
David
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2021-06-08 20:08:56 | Re: Make unlogged table resets detectable |
| Previous Message | Jeff Davis | 2021-06-08 19:28:28 | Re: Make unlogged table resets detectable |