Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants - Mailing list pgsql-bugs

From Tom Lane
Subject Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants
Date
Msg-id 25950.1218508751@sss.pgh.pa.us
Whole thread Raw
In response to Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants
List pgsql-bugs
I wrote:
> That's one heck of a scary patch: nowhere in list_union's API is there
> any guarantee that it preserves list ordering, but we *must not* change
> the positions of the existing rtable entries.

Actually there's a more fundamental problem, namely that pulled-up
subqueries aren't necessarily equal() to the originals.  They will
definitely be different if there were any uplevel Var references.

While you could argue that it doesn't matter because we'll only
end up redundantly checking permissions on multiple copies of the
RTEs, that's a bit beyond my threshold of ugliness...

            regards, tom lane

pgsql-bugs by date:

Previous
From: Tom Lane
Date:
Subject: Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants
Next
From: Robert Treat
Date:
Subject: Re: return query with set-returning functions