Re: Ignoring the limited user-rights by using ODBC - Mailing list pgsql-odbc

From Goeke, Tobias
Subject Re: Ignoring the limited user-rights by using ODBC
Date
Msg-id 72F45784D0E25A429B21E156EAEFE5E3E5523A@muenchen.ep.de
In response to Ignoring the limited user-rights by using ODBC  ("Goeke, Tobias" <TGoeke@ElectronicPartner.de>)
List pgsql-odbc
The crux is that the \d commands in psql do not necessarily define
the scope of a user's access privileges (referring to Peter Eisentraut).

So there can't exist a solution for my "problem" (better: wish!) because the
user must read out of the other tables in the views.
I should accept that they are shown in the choice via ODBC.

Thanks a lot for helping me!

Tobias Goeke

-----Original Message-----
From: Marko Ristola [mailto:marko.ristola@kolumbus.fi]
Sent: Wednesday, March 30, 2005 20:48
To: Peter Eisentraut
Cc: Goeke, Tobias; pgsql-odbc@postgresql.org
Subject: Re: [ODBC] Ignoring the limited user-rights by using ODBC




I remember from some other databases that
the schema is not for security. It is for application
logic:

If you have marko.branch and users.branch
tables, you can link to both by

select * from marko.branch
union
select * from users.branch

You can revoke rights from the tables with the following commands:
revoke all on marko.branch from marko;
revoke all on users.branch from marko;
After these, the "marko" user is not able to read or write the tables.

You can play with the schema like this with ODBC:

set search_path to marko,public; -- the new schema is "marko"
select * from branch; /* points into marko.branch */
set search_path to users,public;
select * from branch; /* points into users.branch */

Read or write rights (grant/revoke) for the table and
visibility (naming, search path, namespace, schema) of the table
name are different things.


Marko Ristola

Peter Eisentraut wrote:

>Goeke, Tobias wrote:
>
>
>>If I connect to the database via ODBC with this user, all schemes are
>>shown. So I am able to select all the tables and views e.g. in Excel,
>>although the user isn't authorized.
>>
>>
>
>It is not possible that the ODBC driver can circumvent privileges that
>would otherwise apply.  Please provide a detailed way to reproduce your
>problem.
>
>Note that what the \d commands in psql show does not necessarily define
>the scope of a user's access privileges.  It merely shows what might be
>of interest to the user.
>
>
>
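
The distinction discussed in this thread, catalog visibility versus granted privileges, shown as an added example that is not from any of the posters. The role, schema, table and view names are constructed for illustration, and the script assumes a PostgreSQL session that is allowed to create roles; everything is rolled back at the end.

```sql
-- Added example with constructed names (report_user, internal, reporting).
BEGIN;

CREATE ROLE report_user NOLOGIN;
CREATE SCHEMA internal;
CREATE SCHEMA reporting;

CREATE TABLE internal.branch (id int PRIMARY KEY, name text, margin numeric);
INSERT INTO internal.branch VALUES (1, 'Munich', 0.12);

-- By default a view reads its base tables with the view owner's privileges.
CREATE VIEW reporting.branch_public AS
    SELECT id, name FROM internal.branch;

-- Privileges: nothing on the base schema/table, read access to the view only.
REVOKE ALL ON SCHEMA internal FROM PUBLIC, report_user;
REVOKE ALL ON internal.branch FROM PUBLIC, report_user;
GRANT USAGE ON SCHEMA reporting TO report_user;
GRANT SELECT ON reporting.branch_public TO report_user;

-- Visibility: the system catalogs list every relation, which is what a
-- client's table picker reads. The two boolean columns show what the
-- role is actually allowed to do with each listed object.
SELECT n.nspname AS schema_name,
       c.relname AS relation,
       has_schema_privilege('report_user', n.oid, 'USAGE')  AS schema_usage,
       has_table_privilege('report_user', c.oid, 'SELECT')  AS can_select
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname IN ('internal', 'reporting')
  AND c.relkind IN ('r', 'v')
ORDER BY 1, 2;

-- Enforcement happens when the query runs, not when the name is listed.
SET LOCAL ROLE report_user;
SELECT * FROM reporting.branch_public;   -- permitted through the granted view
SAVEPOINT before_denied;
SELECT * FROM internal.branch;           -- rejected: no USAGE on schema internal
ROLLBACK TO before_denied;
RESET ROLE;

ROLLBACK;
```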

