Re: Ignoring the limited user-rights by using ODBC
| От | Marko Ristola |
|---|---|
| Тема | Re: Ignoring the limited user-rights by using ODBC |
| Дата | |
| Msg-id | 424AF44F.4040703@kolumbus.fi обсуждение исходный текст |
| Ответ на | Re: Ignoring the limited user-rights by using ODBC (Peter Eisentraut <peter_e@gmx.net>) |
| Список | pgsql-odbc |
I remember from some other databases, that the schema is not for security. It is for application logic: If you have marko.branch and users.branch tables, you can link to both by select * from marko.branch union select * from users.branch You can revoke rights from the tables with the following commands: revoke all from marko on marko.branch; revoke all from marko on users.branch; After these, "marko" user is not able to read, or write into the tables. You can play with the schema like this with ODBC: set search_path to marko,public; -- the new schema is "marko" select * from branch; /* points into marko.branch */ set search_path to users,public; select * from branch; /* points into users.branch */ Read or write rights (grant/revoke) for the table and visibility (naming, search path, namespace, schema) of the table name are a different thing. Marko Ristola Peter Eisentraut wrote: >Goeke, Tobias wrote: > > >>If i connect to the database via obdc with this user, all schemes are >>shown. So i am able to select all the tables and views e.g. in excel, >>although the user isn't autorized. >> >> > >It is not possible that the ODBC driver can circumvent privileges that >would otherwise apply. Please provide a detailed way to reproduce your >problem. > >Note that what the \d commands in psql show does not necessarily define >the scope of a user's access privileges. It merely shows what might be >of interest to the user. > > >
В списке pgsql-odbc по дате отправления: