Home > mailing lists

Re: Need help revoking access WHERE state = 'deleted' - Mailing list pgsql-sql

From	Mark Stosberg
Subject	Re: Need help revoking access WHERE state = 'deleted'
Date	February 28, 2013 22:29:21
Msg-id	512FB00B.7000706@summersault.com Whole thread Raw
In response to	Re: Need help revoking access WHERE state = 'deleted' (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-sql

Tree view

On 02/28/2013 02:08 PM, Tom Lane wrote:
> Mark Stosberg <mark@summersault.com> writes:
>> # Explicitly grant access to the view.
>> db=> grant select on entities_not_deleted to myuser;
>> GRANT
> 
>> # Try again to use the view. Still fails
>> db=> SELECT 1 FROM entities_not_deleted WHERE some_col = 'y';
>> ERROR:  permission denied for relation entities
> 
> What's failing is that the *owner of the view* needs, and hasn't got,
> select access on the entities table.  This is a separate check from
> whether the current user has permission to select from the view.
> Without such a check, views would be a security hole.

This was precisely our issue. Thanks, Tom.

I changed the owner of the view, and our approach is working now.
  Mark

pgsql-sql by date:

From: Tom Lane
Date: 28 February 2013, 22:08:15
Subject: Re: Need help revoking access WHERE state = 'deleted'

From: Richard Huxton
Date: 01 March 2013, 17:32:11
Subject: Re: Concatenating bytea types...

Re: Need help revoking access WHERE state = 'deleted' - Mailing list pgsql-sql

Previous

Next