Hi Tom,
I agree with Hxli. It may be a good way to add permissions check when creat=
e the view.
I also find 2 pieces of words in the document about the owner of the object.
"By default, only the owner of an object can do anything with the object."
"....as the owner has all privileges by default."
In my case, as the view1 is already owned by user1, so user1 should has all=
privileges of view1, but user1 can not select from view1, I am very confus=
ed by these words. So it maybe necessary to check the user's permissions wh=
en he create the object.
Regards
-Dongni
"hx.li" <fly2nn@126.com> =D0=B4=C8=EB=CF=FB=CF=A2 news:hclr5f$2nr7$1@news.h=
ub.org...> I think it is right---the superuser can select from> the view, e=
ven if the view's owner tries to prevent that---,> > but maybe a good way i=
s checking owner's privilage when creating a view as > Oracle.> > It would =
be better not to create a view if a user cann`t access a table.> > regards,=
hx.li> > "Tom Lane" <tgl@sss.pgh.pa.us> =D0=B4=C8=EB=CF=FB=CF=A2=D0=C2=CE=
=C5:6863.1257132736@sss.pgh.pa.us...>> "hx.li" <fly2nn@126.com> writes:>>> =
In postgresql's document=A3=ACPart VI. Reference,SQL Commands,GRANT, it sai=
d:>>>>> It should be noted that database superusers can access all objects>=
>> regardless of object privilege settings.>>>> What that means in this exa=
mple is that the superuser can select from>> the view, even if the view's o=
wner tries to prevent that. However,>> the view itself doesn't have any mo=
re permissions than it had before.>> It would have failed for anyone, and i=
t fails for the superuser too.>>>> I grow weary of debating this with you.>=
>>> regards, tom lane>>>> -- >> Sent via pgsql-bugs mailing list (pgsql-bug=
s@postgresql.org)>> To make changes to your subscription:>> http://www.post=
gresql.org/mailpref/pgsql-bugs>> > >=
