Re: Row-security writer-side checks proposal
From | Robert Haas |
---|---|
Subject | Re: Row-security writer-side checks proposal |
Date | |
Msg-id | CA+TgmoZPBSgcr=XD=pjUEptP2+h34nnM3MA-_55u-qqCob+J+w@mail.gmail.com |
In response to | Re: Row-security writer-side checks proposal (Craig Ringer <craig@2ndquadrant.com>) |
List | pgsql-hackers |

On Sat, Nov 9, 2013 at 10:01 AM, Craig Ringer <craig@2ndquadrant.com> wrote:
> On 11/08/2013 11:03 PM, Robert Haas wrote:
>>> > Separate "READ DELETE" etc would only be interesting if we wanted to let
>>> > someone DELETE rows they cannot SELECT. Since we have DELETE ...
>>> > RETURNING, and since users can write a predicate function for DELETE
>>> > that leaks the information even if we didn't, in practice if you give
>>> > the user any READ right you've given them all of them. So I don't think
>>> > we can support that (except maybe by column RLS down the track).
>>
>> Well, we could require SELECT privilege when a RETURNING clause is present...
>
> Absolutely could. Wouldn't stop them grabbing the data via a predicate
> function on the update/delete, though, and we can't sanely (IMO) require
> SELECT rights if they want to use non-LEAKPROOF functions/operators either.

Hmm, good point.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company