Re: View permissions in 7.1

Tom Lane wrote:

> Lieven Van Acker <lieven@elisa.be> writes:
> > Well, in fact, -at this point - I don't need setuid, because the
> > function current_adm() has to lookup the effective uid of the calling
> > user. The point is I want to filter the records depending on the uid
> > of the user calling the top-level view. So as I can understand, views
> > that are called by other views run still within the same session -
> > thus returning the effective uid, right?

>
> The problem is that current_adm() fails for lack of read access on the
> users table, when it's invoked on behalf of the unprivileged user.
>

You're right. I forgot to grant select priv's to public!

>
> I think that what you really want to be using for the lookup is
> SESSION_USER not CURRENT_USER.  There's no difference at the moment,
> but there will be once we have setuid functions ...
>

Thanks for pointing this out. I'll have to change this to use the session_user!


>
>                         regards, tom lane