Re: Row-security writer-side checks proposal
From | Craig Ringer |
---|---|
Subject | Re: Row-security writer-side checks proposal |
Date | |
Msg-id | 527E4E4D.8000404@2ndquadrant.com |
In reply to | Re: Row-security writer-side checks proposal (Robert Haas <robertmhaas@gmail.com>) |
Responses | Re: Row-security writer-side checks proposal |
List | pgsql-hackers |

On 11/08/2013 11:03 PM, Robert Haas wrote:
>> > Separate "READ DELETE" etc would only be interesting if we wanted to let
>> > someone DELETE rows they cannot SELECT. Since we have DELETE ...
>> > RETURNING, and since users can write a predicate function for DELETE
>> > that leaks the information even if we didn't, in practice if you give
>> > the user any READ right you've given them all of them. So I don't think
>> > we can support that (except maybe by column RLS down the track).
>
> Well, we could require SELECT privilege when a RETURNING clause is present...

Absolutely could. Wouldn't stop them grabbing the data via a predicate function on the update/delete, though, and we can't sanely (IMO) require SELECT rights if they want to use non-LEAKPROOF functions/operators either.

I do think this needs looking at further, but I suspect it's an area where Pg's flexibility will make life harder.

--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services