Re: New predefined roles- 'pg_read/write_all_data'

Поиск
Список
Период
Сортировка
От Stephen Frost
Тема Re: New predefined roles- 'pg_read/write_all_data'
Дата
Msg-id CAOuzzgpnUiBErYxJBc5wUYZCxjoG7njkGtxAZHZHZQRgr8pnxg@mail.gmail.com
обсуждение исходный текст
Ответ на RE: New predefined roles- 'pg_read/write_all_data'  ("Shinoda, Noriyoshi (PN Japan FSIP)" <noriyoshi.shinoda@hpe.com>)
Ответы RE: New predefined roles- 'pg_read/write_all_data'  ("Shinoda, Noriyoshi (PN Japan FSIP)" <noriyoshi.shinoda@hpe.com>)
Список pgsql-hackers
Дерево обсуждения
Greetings,

On Sun, Sep 5, 2021 at 07:43 Shinoda, Noriyoshi (PN Japan FSIP) <noriyoshi.shinoda@hpe.com> wrote:
I have tested this new feature with PostgreSQL 14 Beta 3 environment.
I created a user granted with pg_write_all_data role and executed UPDATE and DELETE statements on tables owned by other users.
If there is no WHERE clause, it can be executed as expected, but if the WHERE clause is specified, an error of permission denied will occur.
Is this the expected behavior?

A WHERE clause requires SELECT rights on the table/columns referenced and if no SELECT rights were granted then a permission denied error is the correct result, yes. Note that pg_write_all_data, as documented, does not include SELECT rights. 

Thanks,

Stephen

В списке pgsql-hackers по дате отправления:

Предыдущее
От: "Shinoda, Noriyoshi (PN Japan FSIP)"
Дата:
Сообщение: RE: New predefined roles- 'pg_read/write_all_data'
Следующее
От: Esteban Zimanyi
Дата:
Сообщение: Fwd: Problem with Unix sockets when porting MobilityDB for Windows