Re: How to create read-only view on 9.3 - Mailing list pgsql-hackers

From Tom Lane
Subject Re: How to create read-only view on 9.3
Date
Msg-id 24464.1376417925@sss.pgh.pa.us
In response to Re: How to create read-only view on 9.3  (Hannu Krosing <hannu@2ndQuadrant.com>)
Responses Re: How to create read-only view on 9.3  (Merlin Moncure <mmoncure@gmail.com>)
List pgsql-hackers
Hannu Krosing <hannu@2ndQuadrant.com> writes:
> If you earlier used views for granting limited read access to some views
> you definitely did not want view users suddenly gain also write access to
> underlying table.

Unless you'd explicitly granted those users insert/update/delete privilege
on the view, they wouldn't suddenly be able to do something new in 9.3,
because no such privileges are granted by default.  If you had granted
such privileges, you don't have much of a leg to stand on for complaining
that now they can do it.

I think this whole thread is nonsense.  We expended a good deal of sweat
in 9.3 to add a feature that's *required by SQL standard*, and now people
are acting like we should turn it off.  I do not believe that there are
many users for which this will be a problem; and we shouldn't let one
complaint drive us to do something silly.

In fact, I'm not sure there are *any* users for which this is a problem.
AFAICS there are two cases:

1. The view in question is owned by you.  Then you have insert etc
privileges on it by default, and so 9.3 will let you insert into it
by default.  But the view grants you no capability that you didn't have
anyway, just by inserting directly into the underlying table.

2. The view in question is not owned by you.  Then you don't have insert
(or any other) privilege on it by default.

There's no "security hole" here; if someone can do something that
they couldn't do before, it's because you explicitly granted them
privileges to do so.  I don't think you have a lot of room to complain
if those privileges now do what the SQL standard says they should do.
        regards, tom lane
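
An audit for the situation described in the message above, added here as an example and not part of the original post: it lists automatically updatable views on which a role other than the owner holds INSERT, UPDATE or DELETE, which are the only grants whose effect changes in 9.3. The table, view and role names are hypothetical, and the query assumes it is run as a superuser, since information_schema only shows privileges visible to the current role.

```sql
-- Constructed objects; every name here is hypothetical. Rolled back at the end.
BEGIN;

CREATE ROLE report_reader NOLOGIN;
CREATE ROLE legacy_app NOLOGIN;

CREATE TABLE accounts (id int PRIMARY KEY, holder text);
CREATE VIEW accounts_v AS SELECT id, holder FROM accounts;

-- Case 2 from the message: a non-owner gets only what is explicitly granted.
GRANT SELECT ON accounts_v TO report_reader;
-- An older blanket grant that was harmless while the view had no rewrite rules.
GRANT SELECT, INSERT, UPDATE, DELETE ON accounts_v TO legacy_app;

-- Per-role check of the write privilege on the view.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'accounts_v', 'INSERT') AS can_insert
FROM pg_catalog.pg_roles r
WHERE r.rolname IN ('report_reader', 'legacy_app');

-- Audit: updatable views with write privileges held by someone other than the owner.
SELECT v.table_schema,
       v.table_name,
       p.grantee::text AS grantee,
       string_agg(p.privilege_type::text, ', '
                  ORDER BY p.privilege_type::text) AS write_privs
FROM information_schema.views v
JOIN information_schema.table_privileges p
  ON p.table_schema = v.table_schema
 AND p.table_name   = v.table_name
JOIN pg_catalog.pg_namespace n ON n.nspname = v.table_schema
JOIN pg_catalog.pg_class c
  ON c.relnamespace = n.oid
 AND c.relname = v.table_name
WHERE c.relkind = 'v'
  AND v.is_updatable = 'YES'
  AND p.privilege_type IN ('INSERT', 'UPDATE', 'DELETE')
  AND p.grantee::text <> pg_catalog.pg_get_userbyid(c.relowner)::text
GROUP BY v.table_schema, v.table_name, p.grantee
ORDER BY v.table_schema, v.table_name, p.grantee;

-- Keep the view read-only for that role by removing the explicit grant.
REVOKE INSERT, UPDATE, DELETE ON accounts_v FROM legacy_app;

ROLLBACK;
```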


