Home > mailing lists

Re: Permissions on aggregate component functions - Mailing list pgsql-hackers

From	Richard Huxton
Subject	Re: Permissions on aggregate component functions
Date	January 28, 2005 11:36:41
Msg-id	41F9F992.20508@archonet.com Whole thread Raw
In response to	Re: Permissions on aggregate component functions (Simon Riggs <simon@2ndquadrant.com>)
List	pgsql-hackers

Tree view

Simon Riggs wrote:
>>
>>Clearly this is a must-fix issue, but I'm wondering exactly where the
>>check should be enforced.  Is it sufficient to check at the time of
>>CREATE AGGREGATE that the creator has appropriate rights, or do we need
>>to do it every time the aggregate is used?
> 
> 
> Well spotted.
> 
> Check should be once for each SQL statement in which the function is
> attempted to be used. Otherwise, an administrator might revoke EXECUTE
> privilege on a function that was used as part of an AGGREGATE, then
> discover that the user could still execute it in the way you suggest.

Or some sort of CASCADE should be required.

--   Richard Huxton  Archonet Ltd

pgsql-hackers by date:

From: Tom Lane
Date: 28 January 2005, 10:38:59
Subject: Re: storage of compiled functions

From: Stephen Frost
Date: 28 January 2005, 16:48:45
Subject: Re: [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

Re: Permissions on aggregate component functions - Mailing list pgsql-hackers

Previous

Next