Re: [HACKERS] Here it is - view permissions
| От | jwieck@debis.com (Jan Wieck) |
|---|---|
| Тема | Re: [HACKERS] Here it is - view permissions |
| Дата | |
| Msg-id | m0y6wmN-000BFRC@orion.SAPserv.Hamburg.dsh.de обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Here it is - view permissions (Mattias Kregert <matti@algonet.se>) |
| Список | pgsql-hackers |
>
> Bruce Momjian wrote:
> >
> > OK, but why would anyone want the old behavior?
> >
> > I guess if you have a table that is not select-able by everyone, and you
> > create a view on it, the default permits will allow select to others.
> > You would have to set the permit on that view. Is there more to that
> > pg_class flag you want to add?
>
> Why does views default to 'select' permission for 'public'?
> I think most people will never think of the possibility that others
> will be able to SELECT their data through views.
> Should not 'create view' at least print a NOTICE about this?
Because the current ACL_WORLD_DEFAULT in include/utils/acl.h
is ACL_RD.
Anything not revoked explicitly is granted select to public.
Not only views. Think of it as a umask of 022.
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#======================================== jwieck@debis.com (Jan Wieck) #
В списке pgsql-hackers по дате отправления: