Re: rights for schema - Mailing list pgsql-general

From Adrian Klaver
Subject Re: rights for schema
Date
Msg-id 50E20113.9010706@gmail.com
Whole thread Raw
In response to Re: rights for schema  (Philipp Kraus <philipp.kraus@flashpixx.de>)
Responses Re: rights for schema
List pgsql-general
On 12/31/2012 09:02 AM, Philipp Kraus wrote:
>
> Am 31.12.2012 um 15:54 schrieb Adrian Klaver:
>
>> On 12/31/2012 05:41 AM, Philipp Kraus wrote:
>>>
>>> Am 31.12.2012 um 02:11 schrieb Adrian Klaver:
>>>
>>
>>>>
>>>> Actually as of 9.0 that is not strictly true:
>>>> http://www.postgresql.org/docs/9.2/interactive/sql-alterdefaultprivileges.html
>>>
>>> I have create a view for access a table and rules for modifiy the
>>> based table. The table has got a trigger.
>>> If I run an update on the view, I get an error "permission denied"
>>> for the trigger call. My user modifies
>>> only the "view", so do the user also get access to the trigger
>>> (execution right)? IMHO the trigger is run
>>> by postgres self, so the user don't need a right on the trigger.
>>
>> Was the error for the trigger or the function the trigger called?
>
> ERROR:  permission denied for schema usermanagement
>
> usermanagement ist ein schema and the base table calls a function within
> this schema, this
> checks if the user is super user with
>
> select current_setting('is_superuser') = 'on' into l_issuper;

So the issue was that the user calling the function did not have access
to the schema usermanagement. It is also possible the user did not have
EXECUTE privileges on the function either. From your subsequent post I
see you discovered SECURITY DEFINER. This is works as you found out.
Just be aware that if the user that defined the function is a super user
the function has their privileges and all that implies.



--
Adrian Klaver
adrian.klaver@gmail.com


pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: Insert Assertion Failed in strcoll_l.c:112
Next
From: Philipp Kraus
Date:
Subject: Re: rights for schema