On Monday, February 28, 2011 8:17:07 am Tom Lane wrote:
> Adrian Klaver <adrian.klaver@gmail.com> writes:
> > On Monday, February 28, 2011 8:02:53 am Tom Lane wrote:
> >> Right. But actually, that query will be run with the permissions of the
> >> owner of the table, so it's that user (not necessarily the one doing the
> >> INSERT) who lacks permissions.
> >
> > The OP listed the permissions for the tables:
> >
> > spam=> \z out2cp
> >                  Access privileges for database "spam"
> >  Schema |  Name  | Type  | Access privileges
> > --------+--------+-------+-------------------
> >  public | out2cp | table | {swcoll=r/petrcech,swcgi=r/petrcech,spamdump=r/petrcech,facility=r/petrcech,borelupo=arwdxt/petrcech}
> > (1 row)
> >
> > Looks like borelupo is owner of permout and has permissions on out2cp.
>
> But what matters is the permissions of the owner of out2cp, which looks
> from this to be petrcech. And I don't see that he's granted himself
> any permissions.
>
> regards, tom lane

I understand, yet I don't :) Seems I have a misconception of the FOREIGN KEY
process. The error was on the query below, which I am taking is the query you
refer to above. To me it looks like a lookup from the referencing (permout)
table to the referenced (out2cp) one. The part I am not clear on is why that runs
with the permissions of the referenced table, not the referencing table?

ERROR: permission denied for relation out2cp
CONTEXT: SQL statement "SELECT 1 FROM ONLY "public"."out2cp" x WHERE
"site"::pg_catalog.text OPERATOR(pg_catalog.=) $1::pg_catalog.text AND
"cp"::pg_catalog.text OPERATOR(pg_catalog.=) $2::pg_catalog.text FOR
SHARE OF x"

--
Adrian Klaver
adrian.klaver@gmail.com
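
The ACL string in the `\z` output quoted above can be checked mechanically. The following is an added example, not part of the original thread: a small Python parser (function names are illustrative) that reads the `grantee=privileges/grantor` entries and reports whether a role holds a privilege directly. It assumes unquoted role names and does not resolve role membership.

```python
import re

# Privilege letters used in PostgreSQL ACL strings (as printed by psql's \z).
# A trailing '*' marks a grant option and is ignored here.
PRIV_LETTERS = {
    "r": "SELECT", "w": "UPDATE", "a": "INSERT", "d": "DELETE",
    "D": "TRUNCATE", "x": "REFERENCES", "t": "TRIGGER",
}

ACL_ITEM = re.compile(r"^(?P<grantee>[^=]*)=(?P<privs>[A-Za-z*]*)/(?P<grantor>.+)$")


def parse_acl(acl_text):
    """Parse '{grantee=privs/grantor,...}' into a list of dicts.
    Assumption: role names are unquoted (no ',', '=' or '/' inside them)."""
    body = acl_text.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("not an ACL array: %r" % acl_text)
    entries = []
    for item in filter(None, (s.strip() for s in body[1:-1].split(","))):
        m = ACL_ITEM.match(item)
        if m is None:
            raise ValueError("malformed ACL item: %r" % item)
        privs = {PRIV_LETTERS[c] for c in m["privs"] if c in PRIV_LETTERS}
        # An empty grantee means the grant is to PUBLIC.
        entries.append({"grantee": m["grantee"] or "PUBLIC",
                        "privs": privs, "grantor": m["grantor"]})
    return entries


def has_privilege(entries, role, privilege):
    """True if `role` or PUBLIC holds `privilege` directly."""
    return any(privilege in e["privs"]
               for e in entries if e["grantee"] in (role, "PUBLIC"))


def grantors(entries):
    """Roles that issued the grants; here this points at the table owner."""
    return {e["grantor"] for e in entries}


# ACL string taken from the \z output quoted in the thread.
OUT2CP_ACL = ("{swcoll=r/petrcech,swcgi=r/petrcech,spamdump=r/petrcech,"
              "facility=r/petrcech,borelupo=arwdxt/petrcech}")

if __name__ == "__main__":
    acl = parse_acl(OUT2CP_ACL)
    for role in sorted(grantors(acl) | {"borelupo"}):
        print(role, "SELECT:", has_privilege(acl, role, "SELECT"))
```

Every entry names petrcech as grantor, yet petrcech never appears as a grantee, which is the gap Tom Lane points out.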