Re: Problem with function permission test in a view
| От | Bruce Momjian |
|---|---|
| Тема | Re: Problem with function permission test in a view |
| Дата | |
| Msg-id | 200309270010.h8R0ADg18298@candle.pha.pa.us обсуждение исходный текст |
| Ответ на | Re: Problem with function permission test in a view ("Gaetano Mendola" <mendola@bigfoot.com>) |
| Ответы |
Re: Problem with function permission test in a view
|
| Список | pgsql-hackers |
I am documenting this behavior in the CREATE VIEW manual page, diff attached. --------------------------------------------------------------------------- Gaetano Mendola wrote: > "Bruce Momjian" <pgman@candle.pha.pa.us> wrote: > > Tom Lane wrote: > > > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > > > Someone asked me a question about view and function permissions. I > > > > assumed all object access done by a view would be based on the > > > > permissions on the view, and not the permissions of the objects. > > > > > > Table references are checked according to the owner of the view, but use > > > in a view does not change the execution context for function or operator > > > calls. This is how it's always been done. > > > > > > > Is this a bug? > > > > > > Changing it would be a major definitional change (and a pretty major > > > implementation change too). It might be better, but please don't > > > pre-judge the issue by labeling it a bug. > > > > Well, it sure sounds like a bug. What logic is there that table access > > use the view permissions, but not function access? Could we just use > > SECURITY DEFINER for function calls in views? > > I already had this problem, look here: > > http://groups.google.it/groups?q=postgres+security+definer+gaetano+mendola&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=b711hu%241g25%241%40news.hub.org&rnum=1 > > and I had no reply :-( > > Regards > Gaetano Mendola > > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org) > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 Index: doc/src/sgml/ref/create_view.sgml =================================================================== RCS file: /cvsroot/pgsql-server/doc/src/sgml/ref/create_view.sgml,v retrieving revision 1.24 diff -c -c -r1.24 create_view.sgml *** doc/src/sgml/ref/create_view.sgml 12 Sep 2003 00:12:47 -0000 1.24 --- doc/src/sgml/ref/create_view.sgml 26 Sep 2003 23:53:34 -0000 *************** *** 118,123 **** --- 118,129 ---- CREATE VIEW vista AS SELECT text 'Hello World' AS hello; </programlisting> </para> + + <para> + While access to tables in the view is controlled entirely by permissions + on the view, functions called by the view are checked independently. + </para> + </refsect1> <refsect1>
В списке pgsql-hackers по дате отправления: