Home > mailing lists

Re: Q on SELECT column list pushdown from view to table - Mailing list pgsql-general

From	Karsten Hilbert
Subject	Re: Q on SELECT column list pushdown from view to table
Date	March 26 20:24:14
Msg-id	Z-Q4Pm9_LlLe5Mll@hermes.hilbert.loc Whole thread Raw
In response to	Re: Q on SELECT column list pushdown from view to table (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Q on SELECT column list pushdown from view to table Re: Q on SELECT column list pushdown from view to table
List	pgsql-general

Tree view

Am Tue, Mar 25, 2025 at 06:55:34PM -0400 schrieb Tom Lane:

> Karsten Hilbert <Karsten.Hilbert@gmx.net> writes:
> > I expected this:
>
> >     set role "restricted-role";
> >     -- this works:
> >     select public_col from t_partially_private;
> >     -- this fails: with "permission denied on table t_partially_private"
> >     select public_col from v_partially_private;
>
> > to work but selecting from the view fails.
>
> Works fine if you don't mess with the view's security_invoker
> status.

I know but doing so was kind of the point.

The views are created by a "database owner" role having
access to all tables. Therefore, roles using the views would
normally gain access to tables they are otherwise not
allowed to read. Hence setting security to invoker made a
lot of sense at first sight ...

Perhaps I am misunderstanding the intent of the feature.

Karsten
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B

pgsql-general by date:

From: Christophe Pettus
Date: 26 March, 19:18:00
Subject: Re: Replication slot WAL reservation

From: Karsten Hilbert
Date: 26 March, 21:30:13
Subject: Re: Q on SELECT column list pushdown from view to table

Re: Q on SELECT column list pushdown from view to table - Mailing list pgsql-general

Previous

Next