Home > mailing lists

Re: view permissions problem - featuer or bug? - Mailing list pgsql-general

From	Tom Lane
Subject	Re: view permissions problem - featuer or bug?
Date	July 8, 2000 23:34:43
Msg-id	25972.963102858@sss.pgh.pa.us Whole thread Raw
In response to	Re: view permissions problem - featuer or bug? (Travis Bauer <trbauer@indiana.edu>)
List	pgsql-general

Tree view

Travis Bauer <trbauer@indiana.edu> writes:
> That part works okay, but here is a more complicated situation that
> doesn't:

> create user user1;
> create table t1 (x int, y int);
> create table t2 (a int, y int);
> create view v1 as select * from t1 where x in (select a from t2);
>                                               ------------------
> create view v2 as select * from v1 where x>3;

> revoke all on t1 from public;
> revoke all on t2 from public;
> revoke all on v1 from public;
> revoke all on v2 from public;
> grant select on v2 to user1;

> \c - user1

> select * from v2;

> ====> v1: Permission denied.

> The problem occurs because of the nested select underlined above.

I agree, this is a bug.  The rewriter checks access permissions on the
basis of the rule's creator, not of the rule's invoker --- but it only
does so at the top level of the rule query.  It forgets to recurse into
subqueries :-(.  Fairly easy fix, will work on it for 7.1.

            regards, tom lane

pgsql-general by date:

From: Travis Bauer
Date: 08 July 2000, 19:09:41
Subject: Re: view permissions problem - featuer or bug?

From: "Morten W. Petersen"
Date: 09 July 2000, 10:19:41
Subject: Is level a reserved keyword?

Re: view permissions problem - featuer or bug? - Mailing list pgsql-general

Previous

Next