On Jul 6, 2006, at 11:02 AM, Phil Frost wrote:
> I hope the above example is strong enough to elicit a comment from a
> qualified developer. If it is not, consider that stored procedures
> contain prepared statements, and many client applications cache
> prepared
> statements as well. Thus, revoking usage on a schema is about as
> good as
> nothing until all sessions have ended. It also means that any function
> which operates with OIDs can potentially bypass the schema usage
> check.
I'm pretty sure that's by design, especially given this tidbit of the
docs:
"Essentially this allows the grantee to "look up" objects within the
schema."
Though perhaps the intention is to change this once we have a means
to invalidate plans.
The docs probably should elaborate that once something's been looked
up you no longer need permissions on the schema it resides in.
--
Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461