Re: Permissions for foreign keys

The problem is fixed in the 7.1 beta series.

Rick Delaney wrote:
> 
> I'm using 7.0 and have noticed that I need to grant SELECT and UPDATE
> permissions on any referentially-related tables.  Can/should I get
> around this?  A somewhat contrived example:
> 
> CREATE TABLE emp (
>  id integer PRIMARY KEY,
>  salary integer
> );
> CREATE TABLE proj (
>  id integer PRIMARY KEY,
>  emp_id integer REFERENCES emp
> );
> CREATE TABLE bill (
>  id integer PRIMARY KEY,
>  proj_id integer REFERENCES proj
> );
> INSERT INTO emp  VALUES (1, 100000);
> INSERT INTO proj VALUES (1, 1);
> INSERT INTO bill VALUES (1, 1);
> 
> GRANT ALL ON proj TO someone;
> 
> Connect as someone:
> => INSERT INTO proj VALUES (2, 1);
> ERROR:  emp: Permission denied.
> => UPDATE proj SET id = 2;
> ERROR:  bill: Permission denied.
> 
> It appears that I need to grant:
>    SELECT,UPDATE on  emp to UPDATE or INSERT into proj.
>    SELECT,UPDATE on bill to UPDATE proj.
> 
> When I grant these permissions, the above statements succeed.
> 
> If I don't want users to have UPDATE (or even SELECT) access on the
> other tables (bill and emp), but I want referential integrity, what can
> I do?
> 
> --
> Rick Delaney