I agree with Hxli. It may be a good way to add permissions check when create the view.
I also find 2 pieces of words in the document about the owner of the object.
"By default, only the owner of an object can do anything with the object."
"....as the owner has all privileges by default."
In my case, as the view1 is already owned by user1, so user1 should has all privileges of view1, but user1 can not select from view1, I am very confused by these words. So it maybe necessary to check the user's permissions when he create the object.
"hx.li" <fly2nn(at)126(dot)com> 写入消息 news:hclr5f$2nr7$1(at)news(dot)hub(dot)org(dot)(dot)(dot)> I think it is right---the superuser can select from> the view, even if the view's owner tries to prevent that---,> > but maybe a good way is checking owner's privilage when creating a view as > Oracle.> > It would be better not to create a view if a user cann`t access a table.> > regards, hx.li> > "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> 写入消息新闻:6863(dot)1257132736(at)sss(dot)pgh(dot)pa(dot)us(dot)(dot)(dot)>> "hx.li" <fly2nn(at)126(dot)com> writes:>>> In postgresql's document，Part VI. Reference,SQL Commands,GRANT, it said:>>>>> It should be noted that database superusers can access all objects>>> regardless of object privilege settings.>>>> What that means in this example is that the superuser can select from>> the view, even if the view's owner tries to prevent that. However,>> the view itself doesn't have any more permissions than it had before.>> It would have failed for anyone, and it fails for the superuser too.>>>> I grow weary of debating this with you.>>>> regards, tom lane>>>> -- >> Sent via pgsql-bugs mailing list (pgsql-bugs(at)postgresql(dot)org)>> To make changes to your subscription:>> http://www.postgresql.org/mailpref/pgsql-bugs>> > >
In response to
pgsql-bugs by date
|Next:||From: Craig Ringer||Date: 2009-11-02 07:26:36|
|Subject: Re: Postmaster hangs|
|Previous:||From: hx.li||Date: 2009-11-02 05:36:41|
|Subject: Re: BUG #5147: DBA can not access view|