Re: Views and permissions
От | Christian Schröder |
---|---|
Тема | Re: Views and permissions |
Дата | |
Msg-id | 4794FA05.7060307@deriva.de обсуждение исходный текст |
Ответ на | Re: Views and permissions (Tom Lane <tgl@sss.pgh.pa.us>) |
Список | pgsql-general |
Tom Lane wrote: > Table accesses done by a view are checked according to the privileges > of the owner of the view, not of whoever invoked the view. It's a > bit inconsistent because function calls done in the view are not handled > that way (though I hope we change them to match, someday). > Phew, sometimes I'm surprised about my own stupidity! I used this more than once to create views that gave people access to tables they would otherwise not be allowed to read, but I simply did not recognize that it's simply the same in this case. And by now I also found the section in the manual where this is described (35.4, if someone is interested). > You can use "pg_dumpall -g" to get a dump of just global objects (roles > and tablespaces). If you do want to stick to hand-rolled scripts, then > Thanks, I didn't know this option. The next migration will be much easier with this! > yeah, you need to take another look at it. Since 8.1 there is very > little difference between users and groups --- they are all roles, and > the only actual difference is the default settings of their LOGIN and > INHERITS flags. See the CREATE ROLE reference page for details. > Yes, I know the new role concept, but I didn't realize that it had these impacts on my script. Anyway, I won't need it anymore, now that you told me the "pg_dumpall -g" solution. Thanks again, Christian -- Deriva GmbH Tel.: +49 551 489500-42 Financial IT and Consulting Fax: +49 551 489500-91 Hans-Böckler-Straße 2 http://www.deriva.de D-37079 Göttingen Deriva CA Certificate: http://www.deriva.de/deriva-ca.cer
В списке pgsql-general по дате отправления: