Q1: Who can explain the privilage of the superuser ?
In postgresql's document£¬Part VI. Reference,SQL Commands,GRANT, it said:
It should be noted that database superusers can access all objects
regardless of object privilege settings.
Q2: Why PostgreSQL check whether the view1'sowner had peivilage for tb2 when
run "select * from view1;" ? (Dongni's test case)
In Dongni's test case, current user is superuser when run "select * from
view1;" .
Reading the pg_class_aclmask() in aclchk.c, I found PG claim the current
object's owner(current object is view1) should have the select privilage for
table tb2. I dno't usderstant why do it so?
regards, hx.li
"Tom Lane" <tgl@sss.pgh.pa.us> дÈëÏûÏ¢ÐÂÎÅ:7536.1256911178@sss.pgh.pa.us...
> No, that would be a bad idea. Your proposal essentially means that it's
> impossible for a superuser to give up rights when calling a setuid
> function or view. That would be a serious security hazard.
>
> regards, tom lane
>
> --
> Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-bugs
>