From: | "hx(dot)li" <fly2nn(at)126(dot)com> |
---|---|
To: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #5147: DBA can not access view |
Date: | 2009-11-02 05:36:41 |
Message-ID: | hclr5f$2nr7$1@news.hub.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
I think it is right---the superuser can select from
the view, even if the view's owner tries to prevent that---,
but maybe a good way is checking owner's privilage when creating a view as
Oracle.
It would be better not to create a view if a user cann`t access a table.
regards, hx.li
"Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> :6863(dot)1257132736(at)sss(dot)pgh(dot)pa(dot)us(dot)(dot)(dot)
> "hx.li" <fly2nn(at)126(dot)com> writes:
>> In postgresql's documentPart VI. Reference,SQL Commands,GRANT, it said:
>
>> It should be noted that database superusers can access all objects
>> regardless of object privilege settings.
>
> What that means in this example is that the superuser can select from
> the view, even if the view's owner tries to prevent that. However,
> the view itself doesn't have any more permissions than it had before.
> It would have failed for anyone, and it fails for the superuser too.
>
> I grow weary of debating this with you.
>
> regards, tom lane
>
> --
> Sent via pgsql-bugs mailing list (pgsql-bugs(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-bugs
>
From | Date | Subject | |
---|---|---|---|
Next Message | donniehan | 2009-11-02 06:53:42 | Re: BUG #5147: DBA can not access view |
Previous Message | Tom Lane | 2009-11-02 03:32:16 | Re: BUG #5147: DBA can not access view |