Re: Bugs with rules on views/tables: permission denied - Mailing list pgsql-bugs

From Tom Lane
Subject Re: Bugs with rules on views/tables: permission denied
Date
Msg-id 5303.1046118557@sss.pgh.pa.us
Whole thread Raw
In response to Re: Bugs with rules on views/tables: permission denied  ("Donald Fraser" <demolish@cwgsy.net>)
List pgsql-bugs
"Donald Fraser" <demolish@cwgsy.net> writes:
> As USER chkrule do:
> Bugs=3D> INSERT INTO vu_tbl_test (id, s_text) VALUES('1','sometext');
> ERROR:  vu_tbl_test: permission denied

What I get is
    ERROR:  test_func: permission denied
and the needed fix is to grant execute privilege on the function to the
calling user.

> If you give the USER chkrule UPDATE permissions on the view vu_tbl_test the=
> n the error at Scenario 1 goes away.

Not for me.

The reason it acts this way is that rule permissions apply to tables
mentioned in the rule, not to functions.  This is at least partly for
historical reasons: functions didn't have permissions to check, back
when the rule system was designed.  But I'm not sure that it's wrong.
In your example, the end user is controlling the arguments given to
test_func.  If the rule allowed him to call test_func without having
permission to do so, there'd be the potential for security breaches.

            regards, tom lane

pgsql-bugs by date:

Previous
From: "Donald Fraser"
Date:
Subject: Re: Bugs with rules on views/tables: permission denied
Next
From: "Donald Fraser"
Date:
Subject: Re: Bugs with rules on views/tables: permission denied