Re: view permissions problem - featuer or bug?

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: view permissions problem - featuer or bug?
Дата
Msg-id 25972.963102858@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: view permissions problem - featuer or bug?  (Travis Bauer <trbauer@indiana.edu>)
Список pgsql-general
Дерево обсуждения 
Travis Bauer <trbauer@indiana.edu> writes:
> That part works okay, but here is a more complicated situation that
> doesn't:

> create user user1;
> create table t1 (x int, y int);
> create table t2 (a int, y int);
> create view v1 as select * from t1 where x in (select a from t2);
>                                               ------------------
> create view v2 as select * from v1 where x>3;

> revoke all on t1 from public;
> revoke all on t2 from public;
> revoke all on v1 from public;
> revoke all on v2 from public;
> grant select on v2 to user1;

> \c - user1

> select * from v2;

> ====> v1: Permission denied.

> The problem occurs because of the nested select underlined above.

I agree, this is a bug.  The rewriter checks access permissions on the
basis of the rule's creator, not of the rule's invoker --- but it only
does so at the top level of the rule query.  It forgets to recurse into
subqueries :-(.  Fairly easy fix, will work on it for 7.1.

            regards, tom lane

В списке pgsql-general по дате отправления:

Предыдущее
От: Travis Bauer
Дата:
Сообщение: Re: view permissions problem - featuer or bug?
Следующее
От: "Morten W. Petersen"
Дата:
Сообщение: Is level a reserved keyword?