Re: [HACKERS] something smells bad - Mailing list pgsql-general

From Martín Marqués
Subject Re: [HACKERS] something smells bad
Date
Msg-id 01060619124607.29859@bugs
Whole thread Raw
In response to Re: [HACKERS] something smells bad  (Alex Pilosov <alex@pilosoft.com>)
Responses Re: [HACKERS] something smells bad
List pgsql-general
On Jue 07 Jun 2001 01:14, Alex Pilosov wrote:
> On Wed, 6 Jun 2001, [iso-8859-1] Martín Marqués wrote:
> > On Jue 07 Jun 2001 00:58, you wrote:
> > > 1) Please don't crosspost to both hackers and general
>
> (plonk myself)

Sorry, I sent it to both because it's what I usually see on things that seem
to not work on Postgres.

> > > On Wed, 6 Jun 2001, [iso-8859-1] Martín Marqués wrote:
> > > > ERROR:  carrera_id_curso_seq.nextval: you don't have permissions to
> > > > set sequence carrera_id_curso_seq
> > >
> > > Because of the way postgres works, you need to grant write permission
> > > on the carrera_id_curso_seq for your inserts to succeed.
> >
> > This doesn't sound logical. The user from the group granted can insert
> > data, but not in a SERIAL field?
> > This is not what the "RULES and permissions" documentation says.
>
> I guess the documentation has to be changed then.
>
> Postgres sequences are really non-transparent, and you have to be aware of
> that. Such as, when you drop the table, sequence won't get dropped,
> permissions are separate on table and sequence, and various other things.

I am aware of this.

> >  area_id_area_seq            |
> >  carrera_id_curso_seq        |
> >  categ_id_categ_seq          |
> >  docentes_id_docente_seq     |
> >  facultad_id_fac_seq         |
> >  log_carrera_id_log_seq      |
> >  materias_id_mat_seq         |
> >  niveles_id_nivel_seq        |
> >
> > As you can see, the permissions look OK.
>
> You must have permissions on _seq as well as on the underlying table...

OK, now I'm more then astonished!
Why was I able to insert as martin then?
Isn't it true (as the docs say) that when I execute a query over a view with
rules, the rules (querys in the DO of the RULE) are executed with permssions
of the owner of the rule (or the view? Any way, martin is owner of both) and
not of the user that executed the query?

I am totally puzzeled! %-P

Saludos... :-)

--
Cualquiera administra un NT.
Ese es el problema, que cualquiera administre.
-----------------------------------------------------------------
Martin Marques                  |        mmarques@unl.edu.ar
Programador, Administrador      |       Centro de Telematica
                       Universidad Nacional
                            del Litoral
-----------------------------------------------------------------

pgsql-general by date:

Previous
From: Alex Pilosov
Date:
Subject: Re: [HACKERS] something smells bad
Next
From: Stephan Szabo
Date:
Subject: Re: [SQL] maximum number of rows in table - what about oid limits?