X-Original-To: pgsql-bugs-postgresql.org@localhost.postgresql.org Received: from localhost (unknown [200.46.204.144]) by svr1.postgresql.org (Postfix) with ESMTP id 1C0C153F87 for ; Mon, 25 Apr 2005 07:31:28 -0300 (ADT) Received: from svr1.postgresql.org ([200.46.204.71]) by localhost (av.hub.org [200.46.204.144]) (amavisd-new, port 10024) with ESMTP id 51691-06 for ; Mon, 25 Apr 2005 10:31:19 +0000 (GMT) Received: from petrel.telecom.mipt.ru (petrel.telecom.mipt.ru [193.125.143.140]) by svr1.postgresql.org (Postfix) with ESMTP id 57CB853F6B for ; Mon, 25 Apr 2005 07:31:17 -0300 (ADT) Received: from [127.0.0.1] (localhost [127.0.0.1]) by petrel.telecom.mipt.ru (Postfix) with ESMTP id ABAD7252B8641; Mon, 25 Apr 2005 14:31:19 +0400 (MSD) Message-ID: <426CC6F7.9000402@mipt.ru> Date: Mon, 25 Apr 2005 14:31:19 +0400 From: Olleg Samoylov Organization: Moscow Institute of Physics and Technology User-Agent: Debian Thunderbird 1.0.2 (X11/20050402) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Richard Huxton Cc: pgsql-bugs@postgresql.org Subject: Re: BUG #1610: rewrite rule and sequence References: <20050421121944.15E03F0B53@svr2.postgresql.org> <4267CD7F.3090100@archonet.com> <42689AA6.6080007@mipt.ru> <4268AFC5.8080506@archonet.com> In-Reply-To: <4268AFC5.8080506@archonet.com> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms090008030008010005080704" X-Virus-Scanned: by amavisd-new at hub.org X-Spam-Status: No, hits=0.012 tagged_above=0 required=5 tests=AWL X-Spam-Level: X-Archive-Number: 200504/183 X-Sequence-Number: 11635 This is a cryptographically signed message in MIME format. --------------ms090008030008010005080704 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Richard Huxton wrote: > Hmm - perhaps the documentation needs expanding. Certainly, if your view > references functions you need to make sure permissions are set correctly > on those. > > How about changes along the lines of: > > Ch 33.4, para 2 > "... Relations that are used due to rules get checked against the > privileges of the rule owner, not the user invoking the rule. This means > that a user only needs the required privileges for the objects[1] that > he names explicitly in his queries." > > then > > "[1] This includes permissions on tables and views you reference in your > view definition. It might also include execute permissions on any > functions referenced, and for updates, permissions on any sequences. > This includes sequences automatically created by use of the SERIAL type." only needs the required privileges for the objects that he names explicitly in his queries. Sequence for serial type don't explicitly mentioned in queries. I expect the same behavior for rules as for function with "SECURITY DEFINER" parameter. -- Olleg Samoylov --------------ms090008030008010005080704 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILHDCC BYowggRyoAMCAQICAQQwDQYJKoZIhvcNAQEEBQAwgeMxCzAJBgNVBAYTAlJVMRYwFAYDVQQI Ew1Nb3Njb3cgcmVnaW9uMRQwEgYDVQQHEwtEb2xnb3BydWRueTFGMEQGA1UEChM9TW9zY293 IEluc3RpdHV0ZSBvZiBQaHlzaWNzIGFuZCBUZWNobm9sb2d5IChTdGF0ZSBVbml2ZXJzaXR5 KTEQMA4GA1UECxMHVGVsZWNvbTEdMBsGA1UEAxMUTUlQVCBUZWxlY29tIFJvb3QgQ0ExLTAr BgkqhkiG9w0BCQEWHk1JUFQgVGVsZWNvbSA8dGVsZWNvbUBtaXB0LnJ1PjAeFw0wNDA0MTYw OTE1MzBaFw0wNTA1MjEwOTE1MzBaMIG2MQswCQYDVQQGEwJSVTEWMBQGA1UECBMNTW9zY293 IHJlZ2lvbjFGMEQGA1UEChM9TW9zY293IEluc3RpdHV0ZSBvZiBQaHlzaWNzIGFuZCBUZWNo bm9sb2d5IChTdGF0ZSBVbml2ZXJzaXR5KTEQMA4GA1UECxMHVGVsZWNvbTEXMBUGA1UEAxMO T2xsZWcgU2Ftb3lsb3YxHDAaBgkqhkiG9w0BCQEWDW9sbGVnQG1pcHQucnUwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0KQ5jnmerWUyHmUpK0AyF0wTM63jUBtjeu7CJnRiD y/aMGaaZrFb7ARZ1Pa1BplUCYU/y5KkM+WaYvvUTNETTJxYgTLGW+HFoXLKT+iAW/xTGIt8X e9q7+C6R7+P7ffyc8TwdPkZWpXN5gylIbfCjvzcBB9d8TqXQWG93NtJvut1uQmLg37kKpHDv z3+d9OJ6+X3mlNOgm32NuSXNqXkahHSofqMbQosltijBnn5n7VGY68NOrNENwv5L6Fr5PWfs IF0ckRS1gkPfpSezT27GdQwVuYKkqGLNTSM+KkdWeY0iDYy7M8BhBn+PPpUbRE//8dJVIxRg pmiJcE+4J6G9AgMBAAGjggFyMIIBbjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUbwmSSHp4RwoImbeQupkzlrWN gZwwggESBgNVHSMEggEJMIIBBYAUGU8ELdohM+B3QiqpwBIAzdB/hbGhgemkgeYwgeMxCzAJ BgNVBAYTAlJVMRYwFAYDVQQIEw1Nb3Njb3cgcmVnaW9uMRQwEgYDVQQHEwtEb2xnb3BydWRu eTFGMEQGA1UEChM9TW9zY293IEluc3RpdHV0ZSBvZiBQaHlzaWNzIGFuZCBUZWNobm9sb2d5 IChTdGF0ZSBVbml2ZXJzaXR5KTEQMA4GA1UECxMHVGVsZWNvbTEdMBsGA1UEAxMUTUlQVCBU ZWxlY29tIFJvb3QgQ0ExLTArBgkqhkiG9w0BCQEWHk1JUFQgVGVsZWNvbSA8dGVsZWNvbUBt aXB0LnJ1PoIBADANBgkqhkiG9w0BAQQFAAOCAQEAPcQ/XPYan34EDNmXucncg8zmmOb6VnHp vEGjwkVSe3AnMJH9ptBrkMAzPZepAjfq1VVawbYV5vdhztCZF1W59IlwauqNymFzU/j+W4AW jzRfZqDV1YANw7KvsRdm+rnWZ7A924zHtIbqcWC52YB+vM4tdA284RBMm/Z8tKwsiBZYqvlp JUN/6xXYMQKTI/PK03/i3P+45fjdlAcmrsv4CpBa3rR8c9kCX5jM0wezoEakbnAYADYjGfns BhNrSqeMYu+Z0uiJaW/Liaub6/C4WcxzJl5xGU0uaY9kiLDou6arQueNjUw2x2xuAeARLag8 AAnZmBjr4/VQQTEGINsf6jCCBYowggRyoAMCAQICAQQwDQYJKoZIhvcNAQEEBQAwgeMxCzAJ BgNVBAYTAlJVMRYwFAYDVQQIEw1Nb3Njb3cgcmVnaW9uMRQwEgYDVQQHEwtEb2xnb3BydWRu eTFGMEQGA1UEChM9TW9zY293IEluc3RpdHV0ZSBvZiBQaHlzaWNzIGFuZCBUZWNobm9sb2d5 IChTdGF0ZSBVbml2ZXJzaXR5KTEQMA4GA1UECxMHVGVsZWNvbTEdMBsGA1UEAxMUTUlQVCBU ZWxlY29tIFJvb3QgQ0ExLTArBgkqhkiG9w0BCQEWHk1JUFQgVGVsZWNvbSA8dGVsZWNvbUBt aXB0LnJ1PjAeFw0wNDA0MTYwOTE1MzBaFw0wNTA1MjEwOTE1MzBaMIG2MQswCQYDVQQGEwJS VTEWMBQGA1UECBMNTW9zY293IHJlZ2lvbjFGMEQGA1UEChM9TW9zY293IEluc3RpdHV0ZSBv ZiBQaHlzaWNzIGFuZCBUZWNobm9sb2d5IChTdGF0ZSBVbml2ZXJzaXR5KTEQMA4GA1UECxMH VGVsZWNvbTEXMBUGA1UEAxMOT2xsZWcgU2Ftb3lsb3YxHDAaBgkqhkiG9w0BCQEWDW9sbGVn QG1pcHQucnUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0KQ5jnmerWUyHmUpK 0AyF0wTM63jUBtjeu7CJnRiDy/aMGaaZrFb7ARZ1Pa1BplUCYU/y5KkM+WaYvvUTNETTJxYg TLGW+HFoXLKT+iAW/xTGIt8Xe9q7+C6R7+P7ffyc8TwdPkZWpXN5gylIbfCjvzcBB9d8TqXQ WG93NtJvut1uQmLg37kKpHDvz3+d9OJ6+X3mlNOgm32NuSXNqXkahHSofqMbQosltijBnn5n 7VGY68NOrNENwv5L6Fr5PWfsIF0ckRS1gkPfpSezT27GdQwVuYKkqGLNTSM+KkdWeY0iDYy7 M8BhBn+PPpUbRE//8dJVIxRgpmiJcE+4J6G9AgMBAAGjggFyMIIBbjAJBgNVHRMEAjAAMCwG CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU bwmSSHp4RwoImbeQupkzlrWNgZwwggESBgNVHSMEggEJMIIBBYAUGU8ELdohM+B3QiqpwBIA zdB/hbGhgemkgeYwgeMxCzAJBgNVBAYTAlJVMRYwFAYDVQQIEw1Nb3Njb3cgcmVnaW9uMRQw EgYDVQQHEwtEb2xnb3BydWRueTFGMEQGA1UEChM9TW9zY293IEluc3RpdHV0ZSBvZiBQaHlz aWNzIGFuZCBUZWNobm9sb2d5IChTdGF0ZSBVbml2ZXJzaXR5KTEQMA4GA1UECxMHVGVsZWNv bTEdMBsGA1UEAxMUTUlQVCBUZWxlY29tIFJvb3QgQ0ExLTArBgkqhkiG9w0BCQEWHk1JUFQg VGVsZWNvbSA8dGVsZWNvbUBtaXB0LnJ1PoIBADANBgkqhkiG9w0BAQQFAAOCAQEAPcQ/XPYa n34EDNmXucncg8zmmOb6VnHpvEGjwkVSe3AnMJH9ptBrkMAzPZepAjfq1VVawbYV5vdhztCZ F1W59IlwauqNymFzU/j+W4AWjzRfZqDV1YANw7KvsRdm+rnWZ7A924zHtIbqcWC52YB+vM4t dA284RBMm/Z8tKwsiBZYqvlpJUN/6xXYMQKTI/PK03/i3P+45fjdlAcmrsv4CpBa3rR8c9kC X5jM0wezoEakbnAYADYjGfnsBhNrSqeMYu+Z0uiJaW/Liaub6/C4WcxzJl5xGU0uaY9kiLDo u6arQueNjUw2x2xuAeARLag8AAnZmBjr4/VQQTEGINsf6jGCBMIwggS+AgEBMIHpMIHjMQsw CQYDVQQGEwJSVTEWMBQGA1UECBMNTW9zY293IHJlZ2lvbjEUMBIGA1UEBxMLRG9sZ29wcnVk bnkxRjBEBgNVBAoTPU1vc2NvdyBJbnN0aXR1dGUgb2YgUGh5c2ljcyBhbmQgVGVjaG5vbG9n eSAoU3RhdGUgVW5pdmVyc2l0eSkxEDAOBgNVBAsTB1RlbGVjb20xHTAbBgNVBAMTFE1JUFQg VGVsZWNvbSBSb290IENBMS0wKwYJKoZIhvcNAQkBFh5NSVBUIFRlbGVjb20gPHRlbGVjb21A bWlwdC5ydT4CAQQwCQYFKw4DAhoFAKCCAq0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc BgkqhkiG9w0BCQUxDxcNMDUwNDI1MTAzMTE5WjAjBgkqhkiG9w0BCQQxFgQUd2OlHllJbThp xKUEuoMmowZiwPIwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgIC AIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgfoGCSsGAQQBgjcQ BDGB7DCB6TCB4zELMAkGA1UEBhMCUlUxFjAUBgNVBAgTDU1vc2NvdyByZWdpb24xFDASBgNV BAcTC0RvbGdvcHJ1ZG55MUYwRAYDVQQKEz1Nb3Njb3cgSW5zdGl0dXRlIG9mIFBoeXNpY3Mg YW5kIFRlY2hub2xvZ3kgKFN0YXRlIFVuaXZlcnNpdHkpMRAwDgYDVQQLEwdUZWxlY29tMR0w GwYDVQQDExRNSVBUIFRlbGVjb20gUm9vdCBDQTEtMCsGCSqGSIb3DQEJARYeTUlQVCBUZWxl Y29tIDx0ZWxlY29tQG1pcHQucnU+AgEEMIH8BgsqhkiG9w0BCRACCzGB7KCB6TCB4zELMAkG A1UEBhMCUlUxFjAUBgNVBAgTDU1vc2NvdyByZWdpb24xFDASBgNVBAcTC0RvbGdvcHJ1ZG55 MUYwRAYDVQQKEz1Nb3Njb3cgSW5zdGl0dXRlIG9mIFBoeXNpY3MgYW5kIFRlY2hub2xvZ3kg KFN0YXRlIFVuaXZlcnNpdHkpMRAwDgYDVQQLEwdUZWxlY29tMR0wGwYDVQQDExRNSVBUIFRl bGVjb20gUm9vdCBDQTEtMCsGCSqGSIb3DQEJARYeTUlQVCBUZWxlY29tIDx0ZWxlY29tQG1p cHQucnU+AgEEMA0GCSqGSIb3DQEBAQUABIIBAF5UTu0XAnviB/HKIIZ5rE1iYFrE0VO9ASnn L5Okz/WDlmBSppOqKlm6r5UKSJefLWlfvHEaAPxjGI3f2fG8n4eECG8hbYW+GLW52HMZ+frm hDQYocvX2LsaYLHcAau0VWAcBsQ8DrhYvIYPyNozo2B8Z3p5Ju4JYU/FvlC8Czvo+OhSB4rI bJ/8ivbyC/52JNi7HtVZjsxDYz4LH3myAlQ8JMa/kolsUbhCIHk5AQ7mrw9Iv5r16yoCp1oi F0u5oJs24o0IITUkzF/nk+Y6ntftTxBi/BAcDV/suC0+1tJiEYfU1njbmBIx8GI8uHoeEzpH M6ds2bCE1Zs8/8GKQIUAAAAAAAA= --------------ms090008030008010005080704--