interaction between rules, functions and permissions
| От | Brook Milligan |
|---|---|
| Тема | interaction between rules, functions and permissions |
| Дата | |
| Msg-id | 200006051911.NAA24441@biology.nmsu.edu обсуждение исходный текст |
| Список | pgsql-general |
I'm setting up some views and their underlying tables. The views rely on some (mainly SQL) functions to provide some capability (e.g., updating). I want to restrict access to the underlying tables and allow access only through the set of views. The problem is that I seem to have problems with "permission denied" errors when users trigger the view rules. This raises the following questions: - what privileges are required by users to access views? (presumably these are the basic ones as explained for GRANT) - when a rule is invoked that accesses another table (or view), what privileges does that rule run with? My understanding was that rules are run with the privileges of the rule creator not the user who triggered the rule. Consequently, privileges on the underlying table (or view) can be completely restricted, right? - when a rule includes a function (e.g., one that invokes another SQL command like a SELECT), what privileges does that function run with? the rule creator's (like the rule itself) or the user who triggered the function via the rule? If the function accesses another table, can privileges on that table be restricted like with a rule? Thanks for any help to clarify the design of the privilege system. Cheers, Brook
В списке pgsql-general по дате отправления: