Home > mailing lists

Re: [HACKERS] Priviliges on tables and views - Mailing list pgsql-hackers

From	Vadim B. Mikheev
Subject	Re: [HACKERS] Priviliges on tables and views
Date	January 14, 1998 01:20:48
Msg-id	34BC2ED6.CCD4604E@sable.krasnoyarsk.su Whole thread Raw
In response to	Priviliges on tables and views (darcy@druid.net (D'Arcy J.M. Cain))
Responses	Re: [HACKERS] Priviliges on tables and views (darcy@druid.net (D'Arcy J.M. Cain))
List	pgsql-hackers

Tree view

D'Arcy J.M. Cain wrote:
>
> REVOKE ALL ON account FROM PUBLIC;
>
> CREATE VIEW passwd AS SELECT uid, login, bid, gcos, home, shell
>     FROM account WHERE a_active = 't';
>
> REVOKE ALL ON passwd FROM PUBLIC;
> GRANT SELECT ON passwd TO PUBLIC;
>
> Unfortunately this doesn't work.  The VIEW inherits the permissions
> from the table it is a view of.  It seems to me that allowing a view
> to define permissions separately from its parent would be a useful
> thing.  So, does anyone know if this behaviour is allowed by the
> SQL spec and if it is allowed, would this be difficult to do?

This is allowed by SQL and this is very useful thing. Not easy to implement:
views are handled by RULES - after parsing and before planning, - but
permissions are checked by executor (execMain.c:InitPlan()->ExecCheckPerms()).

Vadim

pgsql-hackers by date:

From: "Vadim B. Mikheev"
Date: 14 January 1998, 01:10:39
Subject: Re: [HACKERS] Re: subselects

From: Bruce Momjian
Date: 14 January 1998, 01:23:53
Subject: Re: [HACKERS] grant still broken

Re: [HACKERS] Priviliges on tables and views - Mailing list pgsql-hackers

Previous

Next