On 02/28/2013 02:08 PM, Tom Lane wrote:
> Mark Stosberg <mark@summersault.com> writes:
>> # Explicitly grant access to the view.
>> db=> grant select on entities_not_deleted to myuser;
>> GRANT
>
>> # Try again to use the view. Still fails
>> db=> SELECT 1 FROM entities_not_deleted WHERE some_col = 'y';
>> ERROR: permission denied for relation entities
>
> What's failing is that the *owner of the view* needs, and hasn't got,
> select access on the entities table. This is a separate check from
> whether the current user has permission to select from the view.
> Without such a check, views would be a security hole.
This was precisely our issue. Thanks, Tom.
I changed the owner of the view, and our approach is working now.
Mark