Hi all,
I'm having some problem with permissions on views, I spoke with Josh on IRC
about it and I'm reposting it:
I found a not simmetrical behavior about permission on views and functions.
Let me explain:
If I use the view/table T inside the view V, is enough give the select
permission on view V remove the select permission on the view/table used
and all is working as expected.
If I use the view/table T inside the funcion F is enough declare F with
the "Secuity definer" attribute and of course give the execution permission,
the select permission on the view/table used and all is working as expected
In these two cases above all is working fine, the following case have some
problems:
If the view V use a function F.
In this last case is not enough have the select permisson on V but I have
to give also the Execution permission on F!!!
This fact are driving us to put
1) Select permission on V
2) Exceute permission + Security Definer attr on F.
this last point give to the user the possibility to execute F with any
aribitrary value, instead of only the values present on the view ( already
filtered ).
Regards
Gaetano Mendola