Home > mailing lists

Re: Need help revoking access WHERE state = 'deleted' - Mailing list pgsql-sql

From	Tom Lane
Subject	Re: Need help revoking access WHERE state = 'deleted'
Date	February 28, 2013 22:08:15
Msg-id	9963.1362078492@sss.pgh.pa.us Whole thread Raw
In response to	Re: Need help revoking access WHERE state = 'deleted' (Mark Stosberg <mark@summersault.com>)
Responses	Re: Need help revoking access WHERE state = 'deleted'
List	pgsql-sql

Tree view

Mark Stosberg <mark@summersault.com> writes:
> # Explicitly grant access to the view.
> db=> grant select on entities_not_deleted to myuser;
> GRANT

> # Try again to use the view. Still fails
> db=> SELECT 1 FROM entities_not_deleted WHERE some_col = 'y';
> ERROR:  permission denied for relation entities

What's failing is that the *owner of the view* needs, and hasn't got,
select access on the entities table.  This is a separate check from
whether the current user has permission to select from the view.
Without such a check, views would be a security hole.
        regards, tom lane

pgsql-sql by date:

From: Mark Stosberg
Date: 28 February 2013, 21:35:31
Subject: Re: Need help revoking access WHERE state = 'deleted'

From: Mark Stosberg
Date: 28 February 2013, 22:29:21
Subject: Re: Need help revoking access WHERE state = 'deleted'

Re: Need help revoking access WHERE state = 'deleted' - Mailing list pgsql-sql

Previous

Next