Home > mailing lists

Re: Inconsistent permission enforcement for schemas - Mailing list pgsql-general

From	Tom Lane
Subject	Re: Inconsistent permission enforcement for schemas
Date	August 1, 2022 19:49:51
Msg-id	1846618.1659372591@sss.pgh.pa.us Whole thread Raw
In response to	Inconsistent permission enforcement for schemas (Marcin Barczyński <mba.ogolny@gmail.com>)
List	pgsql-general

Tree view

=?UTF-8?Q?Marcin_Barczy=C5=84ski?= <mba.ogolny@gmail.com> writes:
> Why can a user access a table from a forbidden schema if the table is
> explicitly specified in the definition of a view in an allowed schema? And
> not if the table is accessed by a function used in the view.

(1) Whether a view can access a table is determined by the ownership of
the view, not of the user using the view.

(2) It might be nice if the view's permissions were inherited by functions
called by the view, but we've not made that happen.  You might be able to
approximate it by marking such functions SECURITY DEFINER; although that
makes the function's permissions those of the function's owner not the
view's owner.

            regards, tom lane

pgsql-general by date:

From: Marcin Barczyński
Date: 01 August 2022, 18:48:34
Subject: Inconsistent permission enforcement for schemas

From: "sivapostgres@yahoo.com"
Date: 02 August 2022, 10:14:49
Subject: Re: Creation of FK without enforcing constraint for existing data

Re: Inconsistent permission enforcement for schemas - Mailing list pgsql-general

Previous

Next