Re: permission prob: granted, but still denied

On Wed, 30 Oct 2002, Richard Huxton wrote:

> On Wednesday 30 Oct 2002 6:19 pm, Stephan Szabo wrote:
> > On Wed, 30 Oct 2002 s-psql@rhythm.cx wrote:
>
> > > > > objects in question, nor is a superuser. He has been GRANTed ALL to a
> > > > > table 'websess' as well as a table websess references, 'cscuser'.
>
> > >            Access privileges for database "csclub"
> > >           Table          |         Access privileges
> > > -------------------------+------------------------------------
> > > ...
> > >  cscuser                 | {=,webauth=arwdRxt}
> > >  cscuser_userid_seq      | {=,csclub=arwdRxt,webauth=arwdRxt}
> > >  websess                 | {=,webauth=arwdRxt}
> > > csclub=> INSERT INTO websess(hash,userid,created)
> > >          VALUES('abde',1,'2002-09-20');
> > > ERROR:  cscuser: Permission denied.
> > >
> > > Anyone have any other ideas?
> >
> > I'd guess it was the foreign key constraint check that was doing it,
> > but that should be does as the owner of the other table. Try turning
> > on query logging and seeing if you can get a better idea of what's
> > happening.
>
> Surely if webauth is granted all permissions on both tables that wouldn't
> matter?

webauth's permissions shouldn't be used on the triggered select under any
circumstances right now.  AFAIK it always runs as the owner of the other
table.