On Mon, Oct 22, 2018 at 12:05 PM Amit Langote
<Langote_Amit_f8@lab.ntt.co.jp> wrote:
>
> Hi,
>
> On 2018/10/22 14:41, Stephen Frost wrote:
> > Greetings,
> >
> > * Dilip Kumar (dilipbalaut@gmail.com) wrote:
> >> As part of the security fix
> >> (e2d4ef8de869c57e3bf270a30c12d48c2ce4e00c), we have restricted the
> >> users from accessing the statistics of the table if the user doesn't
> >> have privileges on the table and the function is not leakproof. Now,
> >> as a side effect of this, if the user has the privileges on the root
> >> partitioned table but does not have privilege on the child tables, the
> >> user will be able to access the data of the child table but it won't
> >> be able to access the statistics of the child table. This may result
> >> in a bad plan. I am not sure what should be the fix. Should we
> >> allow to access the statistics of the table if a user has privilege on
> >> its parent table?
> >
> > Yes... If the user has access to the parent table then they can see the
> > child tables, so they should be able to see the statistics on them.
>
> Yeah, but I'd think only if access the child tables are being accessed via
> the parent table.
I agree.
--
Regards,
Dilip Kumar
EnterpriseDB: http://www.enterprisedb.com
