Re: [HACKERS] Here it is - view permissions - Mailing list pgsql-hackers

From jwieck@debis.com (Jan Wieck)
Subject Re: [HACKERS] Here it is - view permissions
Date
Msg-id m0y76Lv-000BFRC@orion.SAPserv.Hamburg.dsh.de
In response to Re: [HACKERS] Here it is - view permissions  ("Oliver Elphick" <olly@lfix.co.uk>)
List pgsql-hackers
Oliver Elphick wrote:
>
> Bruce Momjian wrote:
>   >All tables are created with default permissions for SELECT to PUBLIC, so
>   >views are no different.
>
> Is this not contrary to the SQL standard?  I understood that SQL tables
> are created with permissions for their creator only; any permissions for
> other users must be granted explicitly.  According to "SQL The Standard
> Handbook" (Cannan & Otten, 1993), the owner of the schema in which a table
> is created is given a full set of privileges, and no other user can access
> the table or even discover that it exists!

                             ^^^^^^^^^^^^^^!!!

    Ha!

    The next table we must hide and create a view on :-)

    This time the view must check if the user has at least SELECT
    permission on the table/view and hide  rows.  More  tricky  -
    I'll try to work it out. But not today - I'm tired and I know
    what can happen then (saying '... and make even  this  little
    thing'  at  23:00  to  reach the state of 22:59 at 04:00 :-).
    Good night to all!

    But a last word: There are  even  more  such  tables  as  the
    tables/views  are also reflected in pg_attributes, pg_rewrite
    and so on. Even if here only the Oid shows up.

    If we really want to get all this up to the highest level, we
    need  sometimes  a proacl field in pg_proc ... *Ack* - Bruce,
    *Ouch* - no - not the pumpgun - *Help*

    :-)

>
> It certainly seems undesirable to give automatic access to data of unknown
> sensitivity.  Surely the default permission should be for the table's
> creator alone or for the owner of the PostgreSQL database (which I suppose
> is equivalent to the `schema').
>
> I see that Jan Wieck has posted a method for preventing world readability;
> perhaps this should just be flagged as a configurable option.

    But configurable at compile  time  -  not  a  runtime  option
    please.


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#======================================== jwieck@debis.com (Jan Wieck) #
