Home > mailing lists

Re: New predefined roles- 'pg_read/write_all_data' - Mailing list pgsql-hackers

From	Stephen Frost
Subject	Re: New predefined roles- 'pg_read/write_all_data'
Date	September 5, 2021 14:50:05
Msg-id	CAOuzzgpnUiBErYxJBc5wUYZCxjoG7njkGtxAZHZHZQRgr8pnxg@mail.gmail.com Whole thread Raw
In response to	RE: New predefined roles- 'pg_read/write_all_data' ("Shinoda, Noriyoshi (PN Japan FSIP)" <noriyoshi.shinoda@hpe.com>)
Responses	RE: New predefined roles- 'pg_read/write_all_data' ("Shinoda, Noriyoshi (PN Japan FSIP)" <noriyoshi.shinoda@hpe.com>)
List	pgsql-hackers

Tree view

Greetings,

On Sun, Sep 5, 2021 at 07:43 Shinoda, Noriyoshi (PN Japan FSIP) <noriyoshi.shinoda@hpe.com> wrote:

I have tested this new feature with PostgreSQL 14 Beta 3 environment.
I created a user granted with pg_write_all_data role and executed UPDATE and DELETE statements on tables owned by other users.
If there is no WHERE clause, it can be executed as expected, but if the WHERE clause is specified, an error of permission denied will occur.
Is this the expected behavior?

A WHERE clause requires SELECT rights on the table/columns referenced and if no SELECT rights were granted then a permission denied error is the correct result, yes. Note that pg_write_all_data, as documented, does not include SELECT rights.

Thanks,

Stephen

pgsql-hackers by date:

From: "Shinoda, Noriyoshi (PN Japan FSIP)"
Date: 05 September 2021, 14:42:47
Subject: RE: New predefined roles- 'pg_read/write_all_data'

From: Esteban Zimanyi
Date: 05 September 2021, 15:38:18
Subject: Fwd: Problem with Unix sockets when porting MobilityDB for Windows

Re: New predefined roles- 'pg_read/write_all_data' - Mailing list pgsql-hackers

Previous

Next