Re: [HACKERS] New Developer's FAQ item

From: jwieck(at)debis(dot)com (Jan Wieck)
To: brook(at)trillium(dot)NMSU(dot)Edu (Brook Milligan)
Cc: jwieck(at)debis(dot)com, maillist(at)candle(dot)pha(dot)pa(dot)us, hackers(at)postgreSQL(dot)org
Subject: Re: [HACKERS] New Developer's FAQ item
Date: 1998-08-23 08:36:10
Message-ID: m0zAVdD-000EBPC@orion.SAPserv.Hamburg.dsh.de
Lists: pgsql-hackers

>
> > Is all this relevant for writing triggers that have to access tables
> > in order to verify/modify a given tuple? Is that even possible? Are
> > there any examples?
>
> But keep in mind that the syscache and heap access goes
> in without ACL checks!
>
> I don't quite know what you mean here. What are ACL checks? Sorry
> for the naive question.
>
> Cheers,
> Brook

On any table, the owner or a superuser can GRANT or REVOKE
access to or from other users. Thus, you might have granted
another user permissions to read some of your tables, but not
other ones. The permissions you've set up are held in the
relacl column in pg_class.

But these permissions are checked only if a regular query is
processed by the executor (or after my new changes during
query rewrite). When accessing information through the
syscache or heap access methods, the ACLs (access control
lists) aren't checked.

If you write a function that reads tables and returns
information from them, any user can use these functions to
see the data they return, even if you explicitly revoked the
user from reading these tables. If the function uses SPI to
access the tables, the ACL checks get performed and the user
cannot use them to look at your data.

Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#======================================== jwieck(at)debis(dot)com (Jan Wieck) #
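
The SPI case described in the message above, as an added example that is not part of the original email or of the PostgreSQL sources. It assumes a current PostgreSQL release and a superuser session in a scratch database; the schema, role, table and function names are hypothetical.

```sql
-- Constructed example: all object names below are hypothetical.
CREATE ROLE acl_owner;
CREATE ROLE acl_reader;
CREATE SCHEMA acl_demo AUTHORIZATION acl_owner;
GRANT USAGE ON SCHEMA acl_demo TO acl_reader;

SET ROLE acl_owner;
CREATE TABLE acl_demo.open_data    (id int, note text);
CREATE TABLE acl_demo.private_data (id int, secret text);
INSERT INTO acl_demo.open_data    VALUES (1, 'shared');
INSERT INTO acl_demo.private_data VALUES (1, 'owner only');

-- The owner grants read access to one table and withholds it on the other.
GRANT  SELECT ON acl_demo.open_data    TO   acl_reader;
REVOKE ALL    ON acl_demo.private_data FROM acl_reader;

-- The resulting permissions are held in pg_class.relacl.
SELECT relname, relacl
FROM pg_class
WHERE relnamespace = 'acl_demo'::regnamespace AND relkind = 'r';

-- PL/pgSQL issues its queries through SPI, so the table ACL is checked
-- when the function body runs. The function is SECURITY INVOKER (the
-- default), so the check is made against the calling role.
CREATE FUNCTION acl_demo.count_private() RETURNS bigint
LANGUAGE plpgsql AS $$
BEGIN
    RETURN (SELECT count(*) FROM acl_demo.private_data);
END
$$;
RESET ROLE;

-- As the reader: the granted table can be queried, while the function call
-- is rejected with a permission error raised for private_data inside the
-- function, not for the function itself.
SET ROLE acl_reader;
SELECT has_table_privilege('acl_demo.open_data', 'SELECT');
SELECT has_table_privilege('acl_demo.private_data', 'SELECT');
SELECT count(*) FROM acl_demo.open_data;
SELECT acl_demo.count_private();
RESET ROLE;

-- Clean up the scratch objects.
DROP SCHEMA acl_demo CASCADE;
DROP ROLE acl_reader;
DROP ROLE acl_owner;
```

A C function that reads the heap or syscache directly gets no such check and has to perform it itself, for example with pg_class_aclcheck() in current sources.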
