KaiGai Kohei napsal(a):
> I tried to check the default ACL behavior.
>
> It works for me fine, good, but ...
>
> postgres=> SELECT * INTO t3 FROM t1;
> SELECT
> postgres=> SELECT * FROM t3;
> a | b
> ---+-----
> 1 | aaa
> 2 | bbb
> (2 rows)
>
> postgres=> INSERT INTO t3 VALUES (3,'ccc');
> ERROR: permission denied for relation t3
>
> In this case, the new table t3 is created with the default ACL which does not
> allow to insert any values by the owner of the relation.
>
> SELECT INTO does not check ACL_INSERT on the newly created tables, because
> we had been able to assume the table owner always has privilege to insert
> values into the new table.
> So, OpenIntoRel() didn't check this obvious privilege.
>
> But the default ACL feature breaks this assumption. The table owner may not
> have privilege to insert values into new tables.
> So, it is necessary to put actual access controls on the OpenIntoRel().
>
That's strange behavior I agree. However I don't see how default ACLs
changed it in any way, owner could REVOKE his privileges before.
--
Regards
Petr Jelinek (PJMODOS)
