Peter Eisentraut <peter_e@gmx.net> writes:
> There is a gap in the permission scheme for inheritance setups. Say you
> have this:
> CREATE TABLE persons (...);
> CREATE TABLE employees (...) INHERITS (persons);
> GRANT SELECT ON persons TO foo;
> Then user foo can extract who the employees are using
> SELECT * FROM persons EXCEPT SELECT * FROM ONLY persons;
And this is a problem why exactly? It's entirely likely that
employee-ness can be determined just from what is visible in
the persons view, anyway. Not to mention tableoid.
> I think this would be the proper and useful thing to do, especially in
> conjunction with the new recursive grant behavior. There would probably
> be some upgrading issues. For example, GRANTs imported via pg_dump from
> 8.4 would probably need to change SELECT to SELECT WITH HIERARCHY
> OPTION, and even that technically wouldn't cover all cases.
That sounds like "this will break everything in sight, especially
pre-existing dump files" :-(
regards, tom lane