Postgres Pro
Downloads
Home   >   mailing lists

permission-error in tables with referential integrity - Mailing list pgsql-bugs

From pgsql-bugs@postgresql.org
Subject permission-error in tables with referential integrity
Date
Msg-id 200010151936.e9FJakT73048@hub.org
Whole thread Raw
List pgsql-bugs
Tree view 
Gert Pache (uhx2@rz.uni-karlsruhe.de) reports a bug with a severity of 1
The lower the number the more severe it is.

Short Description
permission-error in tables with referential integrity

Long Description
Suppose you have a table A, which no user should be able to alter
Table B is a table, the user tom schould be able to insert/delete/select/update data.

It isn't possible to grant tom only select-rights on B, as postgre complains missing permissions for tom. (see code
exapmple)

I think that's a devasting problem, since if i also grant the update right on A to make him able to
insert/delete/updatehis record in B, 
he also gets the delete right (as update/delete isn't distinguished in postgre). An furthermore he gets also the
insert-right(the other bug-report) 

Posgre-Version: 7.0.1

Sample Code
-- Superuser creates Table A and B with rights as explanied above

delme=# create TABLE a ( int id primary key, value varchar );
ERROR:  Unable to locate type name 'id' in catalog
delme=# create TABLE a ( id int primary key, value varchar );
NOTICE:  CREATE TABLE/PRIMARY KEY will create implicit index 'a_pkey' for table 'a'
CREATE
delme=# insert into a values (0,'wert0');
INSERT 76484 1
delme=# create TABLE b (id int, ref int references a);
NOTICE:  CREATE TABLE will create implicit trigger(s) for FOREIGN KEY check(s)
CREATE
delme=# revoke all on a from public;
CHANGE
delme=# grant select on a to pgtester;
CHANGE
delme=# grant update, insert, select, delete on b to pgtester;
CHANGE
delme=# \dp a
Access permissions for database "delme"
 Relation | Access permissions
----------+--------------------
 a        | {"=","pgtester=r"}
(1 row)
delme=# \dp b
Access permissions for database "delme"
 Relation |  Access permissions
----------+----------------------
 b        | {"=","pgtester=arw"}
(1 row)


-- user pgtester isn't able to insert records in table B
-- (Because he has no permissions on A(!))
delme=> insert into b values ( 0, 0 );
ERROR:  a: Permission denied.

-- superuser also grants update to pgtester
delme=# grant update on a to pgtester;
CHANGE

-- now pgdelme=> insert into b values ( 0, 0 );
INSERT 76450 1
tester is able to insert into b



No file was uploaded with this report

pgsql-bugs by date:

Previous
From: pgsql-bugs@postgresql.org
Date:
Subject: INSERT possible without INSERT-permission
Next
From: Patrick May
Date:
Subject: Documentation Error -- JDBC