On Thu, Dec 16, 2010 at 23:09, Robert Haas <robertmhaas@gmail.com> wrote:
> I believe that our project policy is that permissions checks must be
> done at execution time, not parse/plan time.
Oops, yes. I should have said "permission checks for foreign tables
should have done in their own execution". So, additional checks in
each FDW are not required eventually.
In addition, we allow users to read the definition of the columns and
default values even if they don't have SELECT permission. So, I still
think permission checks for the template relation are not required in
the file reader API. But we need the checks in COPY FROM command because
the relation is used not only as a template but also as a target.
=> SELECT * FROM tbl;
ERROR: permission denied for relation tbl
=> \d+ tbl Table "public.tbl"Column | Type | Modifiers | Storage | Description
--------+---------+-----------+---------+-------------i | integer | | plain |j | integer |
default5 | plain |
Has OIDs: no
--
Itagaki Takahiro
