Обсуждение: Unusual permissions behaviour

Поиск
Список
Период
Сортировка

Unusual permissions behaviour

От
"Christopher Kings-Lynne"
Дата:
I have this problem in 7.1.3 - I can't confirm at the moment if it exists in
7.2.

I have already granted the 'au-dietclub' user delete and insert permissions
on the users_flags table at this point:

australia=> delete from users_flags;
DELETE 0
australia=> delete from users_flags where user_id=1;
ERROR:  users_flags: Permission denied.
australia=> \connect - chriskl
You are now connected as new user chriskl.
australia=# grant select on users_flags to "au-dietclub";
CHANGE
australia=# \connect - au-dietclub
You are now connected as new user au-dietclub.
australia=> delete from users_flags where user_id=1;
DELETE 0

Why do I get a permission denied when I qualify the DELETE statement???

Chris

Re: Unusual permissions behaviour

От
"Christopher Kings-Lynne"
Дата:
> I have this problem in 7.1.3 - I can't confirm at the moment if
> it exists in 7.2.
>
> I have already granted the 'au-dietclub' user delete and insert
> permissions on the users_flags table at this point:
>
> australia=> delete from users_flags;
> DELETE 0
> australia=> delete from users_flags where user_id=1;
> ERROR:  users_flags: Permission denied.
> australia=> \connect - chriskl
> You are now connected as new user chriskl.
> australia=# grant select on users_flags to "au-dietclub";
> CHANGE
> australia=# \connect - au-dietclub
> You are now connected as new user au-dietclub.
> australia=> delete from users_flags where user_id=1;
> DELETE 0
>
> Why do I get a permission denied when I qualify the DELETE statement???
>
> Chris
>


The schema:

CREATE TABLE "users_flags" ("user_id" integer NOT NULL REFERENCES users_users(user_id) ON DELETE
CASCADE,"flag_id" integer NOT NULL REFERENCES medidiets_flags(flag_id) ON DELETE
CASCADE,Primary Key ("user_id", "flag_id")
);
CREATE  INDEX "users_flags_flag_id_idx" on "users_flags" using btree (
"flag_id" "
int4_ops" );

Re: Unusual permissions behaviour

От
Tom Lane
Дата:
"Christopher Kings-Lynne" <chriskl@familyhealth.com.au> writes:
> Why do I get a permission denied when I qualify the DELETE statement???

IIRC, you need SELECT permission to reference the values of any fields
of the table.  If you don't have SELECT permission, the table should
be write-only to you; you shouldn't be able to learn things about its
contents by doing stuff like
begin;delete from foo where col = 1;-- observe # rows deletedrollback;-- now I know whether there is a row with col =
1
        regards, tom lane

Сайт использует файлы cookie для корректной работы и повышения удобства. Нажимая кнопку «Принять» или продолжая пользоваться сайтом, вы соглашаетесь на их использование в соответствии с Политикой в отношении обработки cookie ООО «ППГ», в том числе на передачу данных из файлов cookie сторонним статистическим и рекламным службам. Вы можете управлять настройками cookie через параметры вашего браузера