Discussion: Re: [HACKERS] Here it is - view permissions

Re: [HACKERS] Here it is - view permissions

From
"Oliver Elphick"
Date:
Bruce Momjian wrote:
  >All tables are created with default permissions for SELECT to PUBLIC, so
  >views are no different.

Is this not contrary to the SQL standard?  I understood that SQL tables
are created with permissions for their creator only; any permissions for
other users must be granted explicitly.  According to "SQL The Standard
Handbook" (Cannan & Otten, 1993), the owner of the schema in which a table
is created is given a full set of privileges, and no other user can access
the table or even discover that it exists!

It certainly seems undesirable to give automatic access to data of unknown
sensitivity.  Surely the default permission should be for the table's
creator alone or for the owner of the PostgreSQL database (which I suppose
is equivalent to the `schema').

I see that Jan Wieck has posted a method for preventing world readability;
perhaps this should just be flagged as a configurable option.


--
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight                              http://www.lfix.co.uk/oliver

PGP key from public servers; key ID 32B8FAA1



Re: [HACKERS] Here it is - view permissions

From
jwieck@debis.com (Jan Wieck)
Date:
Oliver Elphick wrote:
>
> Bruce Momjian wrote:
>   >All tables are created with default permissions for SELECT to PUBLIC, so
>   >views are no different.
>
> Is this not contrary to the SQL standard?  I understood that SQL tables
> are created with permissions for their creator only; any permissions for
> other users must be granted explicitly.  According to "SQL The Standard
> Handbook" (Cannan & Otten, 1993), the owner of the schema in which a table
> is created is given a full set of privileges, and no other user can access
> the table or even discover that it exists!

                             ^^^^^^^^^^^^^^!!!

    Ha!

    The next table we must hide and create a view on :-)

    This time the view must check if the user has at least SELECT
    permission on the table/view and hide  rows.  More  tricky  -
    I'll try to work it out. But not today - I'm tired and I know
    what can happen then (saying '... and make even  this  little
    thing'  at  23:00  to  reach the state of 22:59 at 04:00 :-).
    Good night to all!

    But a last word: There are  even  more  such  tables  as  the
    tables/views  are also reflected in pg_attributes, pg_rewrite
    and so on. Even if here only the Oid shows up.

    If we really want to get all this up to the highest level, we
    need  sometimes  a proacl field in pg_proc ... *Ack* - Bruce,
    *Ouch* - no - not the pumpgun - *Help*

    :-)

>
> It certainly seems undesirable to give automatic access to data of unknown
> sensitivity.  Surely the default permission should be for the table's
> creator alone or for the owner of the PostgreSQL database (which I suppose
> is equivalent to the `schema').
>
> I see that Jan Wieck has posted a method for preventing world readability;
> perhaps this should just be flagged as a configurable option.

    But configurable at compile  time  -  not  a  runtime  option
    please.


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#======================================== jwieck@debis.com (Jan Wieck) #

Re: [HACKERS] Here it is - view permissions

From
Bruce Momjian
Date:
>
> Bruce Momjian wrote:
>   >All tables are created with default permissions for SELECT to PUBLIC, so
>   >views are no different.
>
> Is this not contrary to the SQL standard?  I understood that SQL tables
> are created with permissions for their creator only; any permissions for
> other users must be granted explicitly.  According to "SQL The Standard
> Handbook" (Cannan & Otten, 1993), the owner of the schema in which a table
> is created is given a full set of privileges, and no other user can access

Will be the default in 6.3, I think.

> the table or even discover that it exists!
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Not in 6.3, or maybe ever.  Too much OO stuff for that, I think.

>
> It certainly seems undesirable to give automatic access to data of unknown
> sensitivity.  Surely the default permission should be for the table's
> creator alone or for the owner of the PostgreSQL database (which I suppose
> is equivalent to the `schema').
>
> I see that Jan Wieck has posted a method for preventing world readability;
> perhaps this should just be flagged as a configurable option.


--
Bruce Momjian                          |  830 Blythe Avenue
maillist@candle.pha.pa.us              |  Drexel Hill, Pennsylvania 19026
  +  If your life is a hard drive,     |  (610) 353-9879(w)
  +  Christ can be your backup.        |  (610) 853-3000(h)
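
The two points debated above (tables readable by PUBLIC by default, and whether a user without privileges can still discover that a table exists), as an added audit example that is not part of the original thread. It assumes a current PostgreSQL release and a superuser session; the names acl_demo, demo_owner, demo_reader, demo_other and payroll are hypothetical.

```sql
-- Added example: runs in one transaction and rolls back, leaving nothing behind.
BEGIN;
CREATE ROLE demo_owner;
CREATE ROLE demo_reader;
CREATE ROLE demo_other;
CREATE SCHEMA acl_demo AUTHORIZATION demo_owner;

SET LOCAL ROLE demo_owner;
CREATE TABLE acl_demo.payroll (emp text, salary numeric);

-- Recreate the default described in the thread: SELECT granted to PUBLIC.
GRANT SELECT ON acl_demo.payroll TO PUBLIC;

-- Audit: list every user table or view that is readable or writable via PUBLIC.
SELECT table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'PUBLIC'
  AND table_schema NOT IN ('pg_catalog', 'information_schema')
ORDER BY table_schema, table_name, privilege_type;

-- Mitigation: creator-only access, then one explicit grant.
REVOKE ALL ON acl_demo.payroll FROM PUBLIC;
GRANT SELECT ON acl_demo.payroll TO demo_reader;

-- Check the resulting ACL for PUBLIC, the granted role and an unrelated role.
SELECT has_table_privilege('public',      'acl_demo.payroll', 'SELECT') AS public_select,
       has_table_privilege('demo_reader', 'acl_demo.payroll', 'SELECT') AS reader_select,
       has_table_privilege('demo_other',  'acl_demo.payroll', 'SELECT') AS other_select;

-- The raw ACL as stored in the catalog.
SELECT relname, relacl FROM pg_class
WHERE oid = 'acl_demo.payroll'::regclass;

-- Existence check from a role with no privileges on the table or its schema:
-- the system catalogs are themselves readable, so the table's name and
-- columns can still be looked up even though its rows cannot be selected.
RESET ROLE;
SET LOCAL ROLE demo_other;
SELECT c.relname, a.attname
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_attribute a ON a.attrelid = c.oid AND a.attnum > 0
WHERE n.nspname = 'acl_demo' AND c.relname = 'payroll';

RESET ROLE;
ROLLBACK;
```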

Re: [HACKERS] Here it is - view permissions

From
Brett McCormick
Date:
So I've never gotten the distinction -- what makes postgreSQL an
object oriented database, aside from the oid attribute and class
inheritance (which could work a little better.. no way to find out the
child class of a tuple in a select from parent_class* query).

and what makes it relational?  the fact that it can do joins?

in confused delirium,
--brett

On Mon, 23 February 1998, at 17:35:09, Bruce Momjian wrote:

> Will be the default in 6.3, I think.
>
> > the table or even discover that it exists!
>                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Not in 6.3, or maybe ever.  Too much OO stuff for that, I think.
>
> >
> > It certainly seems undesirable to give automatic access to data of unknown
> > sensitivity.  Surely the default permission should be for the table's
> > creator alone or for the owner of the PostgreSQL database (which I suppose
> > is equivalent to the `schema').
> >
> > I see that Jan Wieck has posted a method for preventing world readability;
> > perhaps this should just be flagged as a configurable option.
>
>
> --
> Bruce Momjian                          |  830 Blythe Avenue
> maillist@candle.pha.pa.us              |  Drexel Hill, Pennsylvania 19026
>   +  If your life is a hard drive,     |  (610) 353-9879(w)
>   +  Christ can be your backup.        |  (610) 853-3000(h)

Re: [HACKERS] Here it is - view permissions

From
"Thomas G. Lockhart"
Date:
> So I've never gotten the distinction -- what makes postgreSQL an
> object oriented database...

It is not. It is object-relational, which is relational with some object-oriented
features. The type/function extensibility is the most visible of these features.

> and what makes it relational?  the fact that it can do joins?

And allows one to use other aspects of relational algebra.

                                                 - Tom


Re: [HACKERS] Here it is - view permissions

From
Brett McCormick
Date:
On Tue, 24 February 1998, at 02:37:02, Thomas G. Lockhart wrote:

> > So I've never gotten the distinction -- what makes postgreSQL an
> > object oriented database...
>
> It is not. It is object-relational, which is relational with some object-oriented
> features. The type/function extensibility is the most visible of these features.

Whoops, that should have been a no-brainer (because I already knew that)

>
> > and what makes it relational?  the fact that it can do joins?
>
> And allows one to use other aspects of relational algebra.

what is relational algebra?  operations on entire tuples?