2009/11/2 donniehan <donniehan@126.com>:
> Hi Tom,
>
> I agree with Hxli. It may be a good way to add permissions check when cre=
ate
> the view.
>
> I also find=A02 pieces of words in the document about the owner of the=A0=
object.
>
> "By default, only the owner of an object can do anything with the object."
>
> "....as the owner has all privileges by default."
>
> In my case, as the view1 is already owned by user1, so=A0user1 should has=
all
> privileges of view1, but user1 can not select=A0from view1, I am very con=
fused
> by these words.=A0So it maybe necessary to check the user's permissions w=
hen
> he create the object.
Guys, this is pretty straightforward. The permissions on the view
determine who can access it. The permissions of the view owner
determine what the view can access. The way to think about this may
be that a view acts a bit like a setuid program under UNIX: a regular
user can gain superuser privileges; a superuser can give them up.
This may or may not make sense to you and it may or may not be what
you want, but it's NOT A BUG. It's done that way on purpose, it's
well-documented, and it's been that way for a long time. If you want
some explanation of WHY is that way and what it might be useful for,
start by reading the documentation and then if you have questions, ask
on the appropriate mailing list, maybe pgsql-general or pgsql-novice.
...Robert
