Tom,
> BTW, what about lastval()? I'm not sure we can usefully associate any
> privilege check with that, since it's not clear which sequence it
> applies to. Does it make sense to remember what sequence the value came
> from and privilege-check against that, or is that just too weird?
Hmmm. Yet another problem with lastval(). Darn those MySQL migrators!
I'd say that lastval() needs to be defined as the superuser with "security
definer". Hmmm, although does that carry over to sequences the superuser
doesn't own? How are we handling it now?
Overal, it's hard to get too concerned about this, since a user can't
really get anything out of lastval() if he doesn't have permissions on the
sequence he's trying to query, in order to run currval.
--
--Josh
Josh Berkus
Aglio Database Solutions
San Francisco