public inbox for [email protected]  
From: Olleg Samoylov <[email protected]>
To: Richard Huxton <[email protected]>
Cc: [email protected]
Subject: Re: BUG #1610: rewrite rule and sequence
Date: Mon, 25 Apr 2005 14:31:19 +0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>

Richard Huxton wrote:
> Hmm - perhaps the documentation needs expanding. Certainly, if your view 
> references functions you need to make sure permissions are set correctly 
> on those.
> 
> How about changes along the lines of:
> 
> Ch 33.4, para 2
> "... Relations that are used due to rules get checked against the 
> privileges of the rule owner, not the user invoking the rule. This means 
> that a user only needs the required privileges for the objects[1] that 
> he names explicitly in his queries."
> 
> then
> 
> "[1] This includes permissions on tables and views you reference in your 
> view definition. It might also include execute permissions on any 
> functions referenced, and for updates, permissions on any sequences. 
> This includes sequences automatically created by use of the SERIAL type."

<quote> only needs the required privileges for the objects that
he names explicitly in his queries.</quote>

Sequences for the serial type aren't explicitly mentioned in queries. I expect 
the same behavior for rules as for a function with the "SECURITY DEFINER" 
parameter.

-- 
Olleg Samoylov
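
Added example, not part of the original message or of the PostgreSQL documentation: a constructed reproduction of the case discussed in this thread, followed by the two ways to resolve it. All role and object names are hypothetical, the objects are assumed to live in the public schema, and the syntax is that of current PostgreSQL releases rather than the 2005 one.

```sql
-- Constructed reproduction. Assumption: run as a superuser who owns the objects.
CREATE ROLE app_user;                      -- hypothetical low-privilege role

CREATE TABLE orders (
    id   SERIAL PRIMARY KEY,               -- implicitly creates sequence orders_id_seq
    item text NOT NULL
);
CREATE VIEW orders_v AS SELECT id, item FROM orders;

CREATE RULE orders_v_ins AS ON INSERT TO orders_v
    DO INSTEAD INSERT INTO orders (item) VALUES (NEW.item);

-- app_user gets privileges on the view only, the one object it names in its queries.
GRANT SELECT, INSERT ON orders_v TO app_user;

SET ROLE app_user;
-- Access to table orders is checked against the rule owner, so that part passes.
-- The id default calls nextval('orders_id_seq'), which is checked against the
-- invoking role, so this statement fails with a permission-denied error on the sequence.
INSERT INTO orders_v (item) VALUES ('widget');
RESET ROLE;

-- Fix 1: grant the sequence privilege explicitly, as the proposed footnote describes.
GRANT USAGE ON SEQUENCE orders_id_seq TO app_user;

-- Fix 2: the SECURITY DEFINER behavior the reply compares against. The function
-- body runs with the owner's privileges, so app_user needs only EXECUTE.
CREATE FUNCTION add_order(p_item text) RETURNS integer
    LANGUAGE sql
    SECURITY DEFINER
    SET search_path = public, pg_temp      -- pin the path for a definer-rights function
AS $$
    INSERT INTO orders (item) VALUES (p_item) RETURNING id
$$;
REVOKE ALL ON FUNCTION add_order(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION add_order(text) TO app_user;
```

Fix 1 and Fix 2 are alternatives; with Fix 2 alone, app_user needs no privilege on the view, the table or the sequence.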

