"Sergey N. Yatskevich" <syatskevich@n21lab.gosniias.msk.ru> writes:
> Next -- test and it's output, that shows, that if view has INSERT,
> UPDATE and DELETE rules then _ANY_ user can insert, update and delete
> data in tables, that affected by this rules even user has no INSERT,
> UPDATE and DELETE privileges on view and table.
> This problem exists for at least 7.3.4 and 7.4.1 PostgreSQL versions.
I think this is the same issue discussed in this thread:
http://archives.postgresql.org/pgsql-general/2003-12/msg00551.php
and continued here:
http://archives.postgresql.org/pgsql-hackers/2003-12/msg00743.php
It's from an erroneous fix in 7.3.3 for another bug. We'll probably
have to revert that patch and try again in 7.5.
regards, tom lane