Stephan Szabo wrote:
>
> On Sun, 1 Oct 2000, Peter Eisentraut wrote:
>
> > Stephan Szabo writes:
> >
> > > With that, I do have a general question though. Are referential actions
> > > supposed to be limited by the permissions of the user executing the query?
> > > So, if you for example have write access on the pk table, but not to the
> > > fk table, and there is a on cascade delete relationship, should that user
> > > not be able to delete from the pk table?
> >
> > Then you could delete records that are not in relation to the foreign keys
> > in your table. So I suppose not. Of course there does seem to be a very
> > limited range of usefulness of such a setup, but we shouldn't extrapolate
> > something potentially more useful from that.
>
> Actually, I'm mostly confused about what the spec wants done. The section
> on the referential actions says things like "the rows are marked for
> deletion" without and I can't find something there that says whether or
> not you are actually supposed to pay attention to the associated privs.
I think the user deleting (or updating) the PK table must not have DELETE or UPDATE permissions on the FK table.
Another user, who had ALTER permission for the FK table implicitly granted that right due to the CASCADE
definition.
The point is IMHO, that the user with the ALTER permission for the FK table must have REFERENCE permission
tothe PK table at the time he sets up the constraint. Otherwise, he could insert references to all PK items
withoutspecifying CASCADE and thus, deny operations on the PK table.
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck@Yahoo.com #
