Thread: Problems with permissions and constraints...

Problems with permissions and constraints...

From
"ericnielsen@earthlink.net"
Date:
I'm sure there is a simple answer, but I haven't found it yet.  Permission is being denied and I don't see why...


Here's the table structure:(please ignore irregularities in syntax due to sanitizing the tables)

Create table bar (
    barID serial primary key,
    data ...
);
Revoke all on bar from "Public";
Grant Select on bar "me";

Create table baz (
    bazID serial primary key,
    data ...
);
Revoke all on baz from "Public";
Grant Select,Update,Insert,Delete on baz to "me";

Create table foo (
    fooID serial primary key,
    barID int references bar on delete restrict on update cascade,
    bazID int references baz on delete cascade on update cascade,
    data ...
)
Revoke all on foo from "Public";
Grant Select,Update,Insert,Delete on foo to "me";

Insert into foo (barID,bazID,data) values (2,11,...);
ERROR: bar: Permission denied.
The keys(2,11) both exist in their respective tables.  I can do the lookup on them as "me".  Do I have to give "me"
morerights on bar?  Why?  An insert to 
foo should require nothing more than a check if the key exists (Select priviledges right?).

Eric


--------------------------------------------------------------------
Mail2Web - Check your email from the web at
http://www.mail2web.com/ .


RE: Problems with permissions and constraints...

From
"ericnielsen@earthlink.net"
Date:
A little more information...  granting Update to bar allows the insert to suceed.  Why?  I can not let "me" have update
permissionson bar... 

Thanks

eric


Original Message:
-----------------
From: ericnielsen@earthlink.net ericnielsen@earthlink.net
Date: Sun, 4 Feb 2001 16:21:13 -0500
To: pgsql-novice@postgresql.org
Subject: Problems with permissions and constraints...


I'm sure there is a simple answer, but I haven't found it yet.  Permission is being denied and I don't see why...


Here's the table structure:(please ignore irregularities in syntax due to sanitizing the tables)

Create table bar (
    barID serial primary key,
    data ...
);
Revoke all on bar from "Public";
Grant Select on bar "me";

Create table baz (
    bazID serial primary key,
    data ...
);
Revoke all on baz from "Public";
Grant Select,Update,Insert,Delete on baz to "me";

Create table foo (
    fooID serial primary key,
    barID int references bar on delete restrict on update cascade,
    bazID int references baz on delete cascade on update cascade,
    data ...
)
Revoke all on foo from "Public";
Grant Select,Update,Insert,Delete on foo to "me";

Insert into foo (barID,bazID,data) values (2,11,...);
ERROR: bar: Permission denied.
The keys(2,11) both exist in their respective tables.  I can do the lookup on them as "me".  Do I have to give "me"
morerights on bar?  Why?  An insert to 
foo should require nothing more than a check if the key exists (Select priviledges right?).

Eric


--------------------------------------------------------------------
Mail2Web - Check your email from the web at
http://www.mail2web.com/ .


--------------------------------------------------------------------
Mail2Web - Check your email from the web at
http://www.mail2web.com/ .