Re: Permission to Select - Mailing list pgsql-sql

From Rod Taylor
Subject Re: Permission to Select
Date
Msg-id 1142260392.857.49.camel@home
Whole thread Raw
In response to Permission to Select  ("Eugene E." <sad@bankir.ru>)
Responses Re: Permission to Select
List pgsql-sql
On Mon, 2006-03-13 at 12:51 +0300, Eugene E. wrote:
> Hi all
> the serious problem with permissions is encountered
> 
> NOTE: the following example is really useful but there is no room to 
> describe it's use.
> 
> 
> db=# CREATE USER u;
> db=# CREATE TABLE t (i int, a text);
> db=# REVOKE all ON t FROM u;
> db=# GRANT update,insert,delete ON t TO u;
> db=# \c - u
> 
> db=> INSERT INTO t VALUES (1,'x');
> INSERT
> db=> UPDATE t SET a='y' WHERE i=1;
> ERROR: Permission denied for relation t;
> db=> UPDATE t SET a='y';
> UPDATE
> 
> 1) The user "u" is permitted but unable to perfom the operation !
> 2) A user is able to update WHOLE table but unable to update ANY part of 
> it !
> 
Good chance this was on purpose.
       BEGIN;       UPDATE compensation SET salary = salary WHERE name = 'Tom' and       salary BETWEEN 50000 and
60000;      -- No rows updated -- that's not Toms salary       rollback;              BEGIN;       UPDATE compensation
SETsalary = salary WHERE name = 'Tom' and       salary BETWEEN 60000 and 70000;       -- One row updated so I found the
range,I need a raise!       rollback;
 

By allowing the user a where clause you grant them select privileges.
You will find that delete works the same way.

This is one of those times when per column permissions are useful. You
could grant them select access on the "name" column but not the "salary"
column.


-- 



pgsql-sql by date:

Previous
From: "Daniel Caune"
Date:
Subject: Re: Ask a PostgreSql question (about select )
Next
From: Alvaro Herrera
Date:
Subject: Re: Permission to Select